Privacy, Security, and Copyright in the Digital Era
By Ben Shaw, Mike Vaneman, and Mike Kozak
Digital Era
New tool set
Digital data: Fingerprint scan 0110100011110101100111001110001
Digital equipment: Software, Hardware
Advances in digital technology
Privacy
Define privacy
Self-value
Is our privacy at stake?
Privacy in the Digital Era
Digital Technologies
Biometrics: Identification, Authentication
Location tracking: “Always-On”, New advancements
Electronic communications: Internet
Biometrics
What are biometrics?
Different types of biometric systems: Iris, Fingerprint, Voice, Facial
Biometric Identification
Super Bowl XXXV
People are identified based on facial characteristics
Samples are compared to biometric data stored in a large database, referred to as “one-to-many”
Employed by police and government officials
Biometric Authentication
Individual verification technique used by government agencies
Individual’s biometric data is stored on a smart card
FacePASS
Privacy issues
Location Tracking
Advancements in cell phone technology
Cell phone tracking
“Always-On”
On-demand tracking
Provide emergency locations
New advancements: RFID, Implanted radio chips, License plate cameras
Privacy Issues
Electronic Communications
Internet
Advancements in information and communication technologies have significantly raised the acceptance rate of Internet-based applications and services
Multiple privacy threats on the WWW
Anonymity: Anonymizer
Privacy Threats on The Web
Cookies: Those darn things
Browsers: Security flaws
Email: [email protected]@X.Y.Z
Spam: Pain in the you know what
Search engines: Google
Google
Google’s immortal cookie
Google records everything they can
Google retains all data indefinitely
Google won’t say why they need this data
Google hires ex-NSA
Google’s toolbar is spyware
Google’s cache copy is illegal
Google is not your friend
Google is a privacy time bomb
Anonymity
Anonymizer: Web anonymity tool
Acts as a link between user and the website he or she is trying to access
Third party
Digital Security
Security Types
Internet Security
Network Security
Computer Security
Router Usage
A router acts as a junction between two or more networks to transfer data packets among them
Greatly reduces risk of being hacked when using Network Address Translation (NAT)
NAT is the re-writing of the source and/or destination addresses of IP packets as they pass through a router or firewall
Allows for multiple hosts on a private network to access the internet through the use of a single public IP address
Router Usage
NAT also typically has the effect of preventing connections from being established inbound into your computer, whilst permitting connections out
Firewall
Blocks traffic to all unauthenticated ports on your computer, thus restricting access
Firewall Usage
Firewalls use one or more of three methods to control traffic flowing in and out of the network:
Packet filtering - Packets (small chunks of data) are analyzed against a set of filters. Packets that make it through the filters are sent to the requesting system and all others are discarded.
Proxy service - Information from the Internet is retrieved by the firewall and then sent to the requesting system and vice versa.
Stateful inspection - A newer method that doesn't examine the contents of each packet but instead compares certain key parts of the packet to a database of trusted information. Information traveling from inside the firewall to the outside is monitored for specific defining characteristics, then incoming information is compared to these characteristics. If the comparison yields a reasonable match, the information is allowed through. Otherwise it is discarded.
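
The NAT and stateful-inspection behaviour described on the Router Usage and Firewall Usage slides, as an added example that is not part of the original presentation: a toy gateway rewrites outbound source addresses to one public IP and admits inbound packets only when they match a recorded outbound flow. The addresses, ports and the NatGateway class are constructed for illustration; entry timeouts and TCP state tracking are left out.

```python
"""Constructed example: NAT with a connection-tracking table."""
from dataclasses import dataclass
from typing import Optional

PUBLIC_IP = "203.0.113.10"  # constructed address (documentation range)


@dataclass(frozen=True)
class Packet:
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int


class NatGateway:
    def __init__(self, public_ip: str, first_port: int = 40000):
        self.public_ip = public_ip
        self.next_port = first_port
        self.out_map = {}  # (priv_ip, priv_port, remote_ip, remote_port) -> public port
        self.in_map = {}   # (public port, remote_ip, remote_port) -> (priv_ip, priv_port)

    def outbound(self, pkt: Packet) -> Packet:
        """Record the flow and rewrite the private source to the public IP."""
        key = (pkt.src_ip, pkt.src_port, pkt.dst_ip, pkt.dst_port)
        port = self.out_map.get(key)
        if port is None:
            port = self.next_port
            self.next_port += 1
            self.out_map[key] = port
            self.in_map[(port, pkt.dst_ip, pkt.dst_port)] = (pkt.src_ip, pkt.src_port)
        return Packet(self.public_ip, port, pkt.dst_ip, pkt.dst_port)

    def inbound(self, pkt: Packet) -> Optional[Packet]:
        """Forward only replies to a recorded flow; return None for a drop."""
        if pkt.dst_ip != self.public_ip:
            return None
        target = self.in_map.get((pkt.dst_port, pkt.src_ip, pkt.src_port))
        if target is None:
            return None  # unsolicited: no inside host opened this flow
        return Packet(pkt.src_ip, pkt.src_port, target[0], target[1])


def demo():
    gw = NatGateway(PUBLIC_IP)
    # Two private hosts share the single public address.
    a = gw.outbound(Packet("192.168.1.20", 51000, "198.51.100.7", 443))
    b = gw.outbound(Packet("192.168.1.21", 51000, "198.51.100.7", 443))
    # Reply from the server host A contacted: translated back to host A.
    reply = gw.inbound(Packet("198.51.100.7", 443, PUBLIC_IP, a.src_port))
    # Same public port, but from a host nobody inside contacted: dropped.
    stranger = gw.inbound(Packet("198.51.100.99", 4444, PUBLIC_IP, a.src_port))
    # Known server, but a port with no table entry: dropped.
    probe = gw.inbound(Packet("198.51.100.7", 443, PUBLIC_IP, 22))
    return a, b, reply, stranger, probe


if __name__ == "__main__":
    for result in demo():
        print(result)
```

The drop decision comes entirely from the missing table entry, which is why the protection disappears for any port that is deliberately forwarded to an inside host.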
Software Security Risks
Viruses
A virus is a small piece of software that piggybacks on real programs. For example, a virus might attach itself to a program such as a spreadsheet program or email. Each time the spreadsheet program runs, the virus runs, too, and it has the chance to reproduce (by attaching to other programs) or wreak havoc.
Worms
A worm is a small piece of software that uses computer networks and security holes to replicate itself. A copy of the worm scans the network for another machine that has a specific security hole. It copies itself to the new machine using the security hole, and then starts replicating from there, as well.
Software Security Risks
Spyware
Spyware is a category of computer programs that attach themselves to your operating system in nefarious ways. They can suck the life out of your computer's processing power. They are designed to track your Internet habits, nag you with unwanted sales offers or generate traffic for their host Web site. According to recent estimates, more than two-thirds of all personal computers are infected with some kind of spyware.
Trojan Horses
A Trojan horse is simply a computer program. The program claims to do one thing (it may claim to be a game) but instead does damage when you run it (it may erase your hard disk). Trojan horses have no way to replicate automatically.
Adware
Adware is software integrated into or bundled with a program. It is usually seen by the programmer as a way to recover programming development costs, and in some cases it may allow the program to be provided to the user free of charge or at a reduced price. The advertising income may allow or motivate the programmer to continue to write, maintain and upgrade the software product.
Virus Statistics
Past 7 days
#    Virus Name              Infected Computers   Scanned Computers   % Infected
1    Exploit-WMF             43,451               955,481             4.55
2    JS/Wonka                40,810               955,481             4.27
3    Exploit-ByteVerify      34,966               955,481             3.66
4    Exploit-ANIfile         31,114               955,481             3.26
5    Adware-Url.gen          29,956               955,481             3.14
6    Downloader-ZQ           27,797               955,481             2.91
7    Generic Downloader.z    27,545               955,481             2.88
8    Adware-Boarim           20,991               955,481             2.2
9    Adware-Cometsys         17,779               955,481             1.86
10   JV/Shinwow              15,491               955,481             1.62
Spyware Example
Many Internet Explorer add-on toolbars monitor the user's activity. When installed and run without the user's consent, such add-ons count as spyware. Here multiple toolbars (including both spyware and innocuous ones) overwhelm an Internet Explorer session.
Phishing Security Risk
Phishing is a form of criminal activity using social engineering techniques. It is characterized by attempts to fraudulently acquire sensitive information, such as passwords and credit card details, by masquerading as a trustworthy person or business in an apparently official electronic communication. It is typically done through email, and the end result, if successful, is identity fraud.
Phishing Facts
13,776 phishing attacks linked to 5,259 Web sites took place in August of 2005.
They targeted 84 different businesses, but three businesses received 80 percent of the attacks.
85 percent of the attacks targeted banks and other financial institutions.
Phishing Trend
A chart showing the increase in phishing reports from October 2004 to June 2005.
Copyright
Copyright and Copyright Infringement
Copyright: Laws, Digital Rights Management, MPAA and RIAA
Copyright Infringement: BitTorrent, Contributions
Copyright
“Copyright is a set of exclusive rights granted by governments to regulate the use of a particular expression of an idea or information. At its most general, it is literally "the right to copy" an original creation. In most cases, these rights are of limited duration” (http://en.wikipedia.org/wiki/Copyright)
Copyright Laws
Copyright Act of 1790
"sole right and liberty of printing, reprinting, publishing and vending"
maps, charts, and books
14 year term
Copyright Laws
Copyright Act of 1976
Copyright of expression
literary, dramatic, and musical works; pantomimes and choreography; pictorial, graphic and sculptural works; audio-visual works; sound recordings; and architectural works
eligible for copyright protection as soon as it is fixed in a tangible form
Copyright Laws
Established the fair use policy for copyright holders
Defines conditions under which individuals may use copyrighted material without permission
Possible to quote from a copyrighted work
Fair use is a "defense" to copyright infringement, not a right.
Copyright Laws
Digital Millennium Copyright Act, DMCA
The act criminalizes production and dissemination of technology that can circumvent measures taken to protect copyright
Heightens the penalties for copyright infringement on the Internet
Limited the liability of Online Providers
MPAA
Motion Picture Association of America
Protect member interests through political lobbying for changes in copyright and criminal law
Responsible for the film rating system
Setting DMCA regulations
RIAA
Recording Industry Association of America
Responsible for setting technical recording standards
Collection of music licenses and royalties
Setting DMCA regulations
Digital Rights Management
To date all DRM methods have failed
Physical protection
DIVX
CSS
Product activation
Digital watermarking
Copyright Infringement
“Copyright infringement is the unauthorized use of copyrighted material in a manner that violates one of the copyright owner's exclusive rights, such as the right to reproduce or perform the copyrighted work, or to make derivative works that build upon it.” (http://en.wikipedia.org/wiki/Copyright_infringement)
Copyright Infringement
BitTorrent: Azureus, BitComet, BitLord, uTorrent
EDonkey, FastTrack and Gnutella
EDonkey 2000
KaZaA, Grokster
Bearshare, Gnucleus, LimeWire, Morpheus, Phex, Shareaza
BitTorrent
.torrent files
Trackers
Seeders: Completed file
Leechers: Downloaders
BitTorrent
Protocol breaks the file(s) down into smaller fragments
Requests from peers the fragments that are most rare
Uploading fragments to their peers before the entire file is downloaded
Chooses the peer with the best network connections for the fragments that it is requesting
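
The fragment selection described on this slide, as an added example that is not part of the original presentation: the client counts how many peers hold each missing fragment, requests the rarest one, and asks the holder with the best measured rate. The swarm contents, peer names and rates are constructed, and availability is treated as fixed for the length of the run.

```python
"""Constructed example: rarest-first fragment selection in a swarm."""
from collections import Counter


def next_request(have, peers):
    """Return (fragment, peer_name) for the next request, or None.

    have  -- set of fragment indexes already downloaded
    peers -- {name: {"has": set of fragment indexes, "rate": KB/s observed}}
    """
    # Count how many peers hold each fragment we still need.
    availability = Counter(
        frag for p in peers.values() for frag in p["has"] if frag not in have
    )
    if not availability:
        return None
    # Rarest fragment first; the lowest index breaks ties so results are stable.
    fragment = min(availability, key=lambda f: (availability[f], f))
    # Among the peers holding it, ask the one with the best connection.
    holders = [name for name, p in peers.items() if fragment in p["has"]]
    peer = max(holders, key=lambda name: (peers[name]["rate"], name))
    return fragment, peer


def download_order(total_fragments, peers):
    """Simulate a whole download and return the list of (fragment, peer) picks."""
    have, order = set(), []
    while len(have) < total_fragments:
        choice = next_request(have, peers)
        if choice is None:
            break  # the remaining fragments are held by nobody in the swarm
        have.add(choice[0])
        order.append(choice)
    return order


# Constructed swarm: one seeder with the completed file, two partial downloaders.
SWARM = {
    "seeder": {"has": {0, 1, 2, 3}, "rate": 80},
    "peer_a": {"has": {0, 1}, "rate": 300},
    "peer_b": {"has": {0, 1, 2}, "rate": 150},
}

if __name__ == "__main__":
    for fragment, peer in download_order(4, SWARM):
        print(f"fragment {fragment} from {peer}")
```

Fragment 3 is fetched first because only the seeder holds it, so the swarm gains a second copy before the common fragments are touched.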
BitTorrent
uTorrent
Advancements
MPAA and RIAA followed in the footsteps of file sharing software
Napster, iTunes
Warner Brothers
Network Television Stations
This Concludes Our Presentation
Any Questions?