Privacy, Security, and Privacy, Security, and Copyright in the Digital EraCopyright in the Digital Era

By Ben Shaw, Mike Vaneman, By Ben Shaw, Mike Vaneman, and Mike Kozakand Mike Kozak

Digital EraDigital Era

New tool setNew tool set

Digital dataDigital data Fingerprint scanFingerprint scan 01101000111101011001110011100010110100011110101100111001110001

Digital equipmentDigital equipment SoftwareSoftware HardwareHardware

Advances in digital technologyAdvances in digital technology

PrivacyPrivacy

Define privacyDefine privacy

Self-value Self-value

Is our privacy at stake?Is our privacy at stake?

Privacy in the Digital EraPrivacy in the Digital Era

Digital TechnologiesDigital Technologies

BiometricsBiometrics IdentificationIdentification AuthenticationAuthentication

Location trackingLocation tracking ““Always -On”Always -On” New advancementsNew advancements

Electronic communicationsElectronic communications InternetInternet

Biometrics Biometrics

What are biometrics?What are biometrics?

Different types of biometric systemsDifferent types of biometric systems IrisIris FingerprintFingerprint VoiceVoice FacialFacial

Biometric IdentificationBiometric Identification

Super Bowl XXXVSuper Bowl XXXV

People are identified People are identified based on facial based on facial characteristicscharacteristics

Samples are compared to Samples are compared to biometric data stored in biometric data stored in large database, referred large database, referred to as “one-to-many”to as “one-to-many”

Employed by police and Employed by police and government officialsgovernment officials

Biometric AuthenticationBiometric Authentication

Individual verification Individual verification technique used by technique used by government agenciesgovernment agencies

Individual’s biometric Individual’s biometric data is stored on a data is stored on a smart cardsmart card

FacePASSFacePASS

Privacy issuesPrivacy issues

Location TrackingLocation Tracking

Advancements in cell Advancements in cell phone technologyphone technologyCell phone trackingCell phone tracking““Always-On”Always-On”

On-demand trackingOn-demand tracking Provide emergency Provide emergency

locationslocations

New advancementsNew advancements RFIDRFID Implanted radio chipsImplanted radio chips License plate camerasLicense plate cameras

Privacy IssuesPrivacy Issues

Electronic CommunicationsElectronic Communications

InternetInternet Advancements in information and Advancements in information and

communication technologies have communication technologies have significantly raised the acceptance rate of significantly raised the acceptance rate of Internet-based applications and servicesInternet-based applications and services

Multiple privacy threats on the WWWMultiple privacy threats on the WWW

AnonymityAnonymity AnonymizerAnonymizer

Privacy Threats on The WebPrivacy Threats on The Web

CookiesCookies Those darn thingsThose darn things

BrowsersBrowsers Security flawsSecurity flaws

EmailEmail W@X.Y.ZW@X.Y.Z

SpamSpam Pain in the you no whatPain in the you no what

Search enginesSearch engines GoogleGoogle

GoogleGoogle

Google’s immortal Google’s immortal cookiecookie

Google records Google records everything they caneverything they can

Google retains all Google retains all data indefinitelydata indefinitely

Google won’t say why Google won’t say why they need this datathey need this data

Google hires ex-NSAGoogle hires ex-NSA

Google’s toolbar is Google’s toolbar is spywarespyware

Google’s cache copy Google’s cache copy is illegalis illegal

Google is not your Google is not your friendfriend

Google is a privacy Google is a privacy time bombtime bomb

AnonymityAnonymity

AnonymizerAnonymizer Web anonymity toolWeb anonymity tool Acts as a link between user and the website Acts as a link between user and the website

he or she is trying to accesshe or she is trying to access Third partyThird party

Digital SecurityDigital Security

Security TypesSecurity Types

Internet SecurityInternet Security

Network SecurityNetwork Security

Computer SecurityComputer Security

Router UsageRouter Usage

A router acts as a junction between two or more A router acts as a junction between two or more networks to transfer data packets among themnetworks to transfer data packets among them

Greatly reduces risk of being hacked when using Greatly reduces risk of being hacked when using Network Address Translation (NAT)Network Address Translation (NAT) NAT is the re-writing of NAT is the re-writing of the source and/or destination the source and/or destination

addresses of IP packets as they pass through a router addresses of IP packets as they pass through a router or firewall or firewall

Allows for multiple hosts on a private network to Allows for multiple hosts on a private network to access the internet through the use of a single public access the internet through the use of a single public IP addressIP address

Router Usage Router Usage

NAT also typically has the effect of preventing NAT also typically has the effect of preventing connections from being established inbound connections from being established inbound into your computer, whilst permitting into your computer, whilst permitting connections outconnections out

FirewallFirewall

Blocks traffic to all unauthenticated ports on your Blocks traffic to all unauthenticated ports on your computer, thus restricting accesscomputer, thus restricting access

Firewall UsageFirewall Usage

Firewalls use one or more of three methods to control Firewalls use one or more of three methods to control traffic flowing in and out of the network: traffic flowing in and out of the network:

Packet filteringPacket filtering - Packets (small chunks of data) are analyzed - Packets (small chunks of data) are analyzed against a set of filters. Packets that make it through the filters against a set of filters. Packets that make it through the filters are sent to the requesting system and all others are discarded. are sent to the requesting system and all others are discarded.

Proxy serviceProxy service - Information from the Internet is retrieved by the - Information from the Internet is retrieved by the firewall and then sent to the requesting system and vice versa. firewall and then sent to the requesting system and vice versa.

Stateful inspectionStateful inspection - A newer method that doesn't examine the - A newer method that doesn't examine the contents of each packet but instead compares certain key parts contents of each packet but instead compares certain key parts of the packet to a database of trusted information. Information of the packet to a database of trusted information. Information traveling from inside the firewall to the outside is monitored for traveling from inside the firewall to the outside is monitored for specific defining characteristics, then incoming information is specific defining characteristics, then incoming information is compared to these characteristics. If the comparison yields a compared to these characteristics. If the comparison yields a reasonable match, the information is allowed through. Otherwise reasonable match, the information is allowed through. Otherwise it is discarded. it is discarded.

Software Security RisksSoftware Security Risks

VirusesViruses A virus is a small piece of software that piggybacks on A virus is a small piece of software that piggybacks on

real programs. For example, a virus might attach itself real programs. For example, a virus might attach itself to a program such as a spreadsheet program or to a program such as a spreadsheet program or email. Each time the spreadsheet program runs, the email. Each time the spreadsheet program runs, the virus runs, too, and it has the chance to reproduce (by virus runs, too, and it has the chance to reproduce (by attaching to other programs) or wreak havoc. attaching to other programs) or wreak havoc.

WormsWorms A worm is a small piece of software that uses A worm is a small piece of software that uses

computer networkscomputer networks and security holes to replicate and security holes to replicate itself. A copy of the worm scans the network for itself. A copy of the worm scans the network for another machine that has a specific security hole. It another machine that has a specific security hole. It copies itself to the new machine using the security copies itself to the new machine using the security hole, and then starts replicating from there, as well. hole, and then starts replicating from there, as well.

Software Security RisksSoftware Security RisksSpywareSpyware

Spyware is a category of computer programs that attach themselves to your Spyware is a category of computer programs that attach themselves to your operating system in nefarious ways. They can suck the life out of your operating system in nefarious ways. They can suck the life out of your computer's processing power. They are designed to track your Internet habits, computer's processing power. They are designed to track your Internet habits, nag you with unwanted sales offers or generate traffic for their host Web site. nag you with unwanted sales offers or generate traffic for their host Web site. According to recent estimates, more than two-thirds of all personal computers According to recent estimates, more than two-thirds of all personal computers are infected with some kind of spyware are infected with some kind of spyware

Trojan HorsesTrojan Horses A Trojan horse is simply a computer program. The program claims to do one A Trojan horse is simply a computer program. The program claims to do one

thing (it may claim to be a game) but instead does damage when you run it (it thing (it may claim to be a game) but instead does damage when you run it (it may erase your hard disk). Trojan horses have no way to replicate automatically. may erase your hard disk). Trojan horses have no way to replicate automatically.

AdwareAdware Adware is software integrated into or bundled with a program. It is usually seen Adware is software integrated into or bundled with a program. It is usually seen

by the programmer as a way to recover programming development costs, and in by the programmer as a way to recover programming development costs, and in some cases it may allow the program to be provided to the user free of charge or some cases it may allow the program to be provided to the user free of charge or at a reduced price. The advertising income may allow or motivate the at a reduced price. The advertising income may allow or motivate the programmer to continue to write, maintain and upgrade the software product.programmer to continue to write, maintain and upgrade the software product.

Virus StatisticsVirus Statistics

Past 7 daysPast 7 days

## Virus NameVirus Name Infected ComputersInfected Computers Scanned Scanned ComputersComputers % Infected% Infected

11 Exploit-WMFExploit-WMF 43,45143,451 955,481955,481 4.554.55

22 JS/WonkaJS/Wonka 40,81040,810 955,481955,481 4.274.27

33 Exploit-ByteVerifyExploit-ByteVerify 34,96634,966 955,481955,481 3.663.66

44 Exploit-ANIfileExploit-ANIfile 31,11431,114 955,481955,481 3.263.26

55 Adware-Url.genAdware-Url.gen 29,95629,956 955,481955,481 3.143.14

66 Downloader-ZQDownloader-ZQ 27,79727,797 955,481955,481 2.912.91

77 Generic Generic Downloader.zDownloader.z 27,54527,545 955,481955,481 2.882.88

88 Adware-BoarimAdware-Boarim 20,99120,991 955,481955,481 2.22.2

99 Adware-CometsysAdware-Cometsys 17,77917,779 955,481955,481 1.861.86

1010 JV/JV/ShinwowShinwow 15,49115,491 955,481955,481 1.621.62

Spyware ExampleSpyware Example

Many Internet Explorer add-on toolbars monitor the user's activity. When installed and run without the user's consent, such add-ons count as spyware. Here multiple toolbars (including both spyware and innocuous ones) overwhelm an Internet Explorer session.

Phishing Security RiskPhishing Security Risk

Phishing is a form of criminal activity using Phishing is a form of criminal activity using social engineering techniques. It is social engineering techniques. It is characterized by attempts to fraudulently characterized by attempts to fraudulently acquire sensitive information, such as acquire sensitive information, such as passwords and credit card details, by passwords and credit card details, by masquerading as a trustworthy person or masquerading as a trustworthy person or business in an apparently official business in an apparently official electronic communication.electronic communication. It is typically It is typically done through email and the end result if done through email and the end result if successful is identity fraudsuccessful is identity fraud

Phishing Facts Phishing Facts

13,776 phishing attacks linked to 5,259 13,776 phishing attacks linked to 5,259 Web sites took place in August of 2005. Web sites took place in August of 2005.

They targeted 84 different businesses, but They targeted 84 different businesses, but three businesses received 80 percent of three businesses received 80 percent of the attacks. the attacks.

85 percent of the attacks targeted banks 85 percent of the attacks targeted banks and other financial institutions. and other financial institutions.

Phishing TrendPhishing Trend

                                                    

  A chart showing the increase in phishing reports from October 2004 to June 2005.

CopyrightCopyright

Copyright and Copyright Copyright and Copyright InfringementInfringement

CopyrightCopyright LawsLaws Digital Rights ManagementDigital Rights Management MPAA and RIAAMPAA and RIAA

Copyright InfringementCopyright Infringement BitTorrentBitTorrent ContributionsContributions

CopyrightCopyright

““Copyright is a set of exclusive rights Copyright is a set of exclusive rights granted by governments to regulate the granted by governments to regulate the use of a particular expression of an idea or use of a particular expression of an idea or information. At its most general, it is information. At its most general, it is literally "the right to copy" an original literally "the right to copy" an original creation. In most cases, these rights are of creation. In most cases, these rights are of limited duration limited duration (http://en.wikipedia.org/wiki/Copyright)(http://en.wikipedia.org/wiki/Copyright)

Copyright LawsCopyright Laws

Copyright Act of 1790 Copyright Act of 1790 "sole right and liberty of printing, reprinting, "sole right and liberty of printing, reprinting,

publishing and vending" publishing and vending" maps, charts, and books maps, charts, and books 14 year term 14 year term

Copyright LawsCopyright Laws

Copyright Act of 1976 Copyright Act of 1976

Copyright of expression Copyright of expression literary, dramatic, and musical works; literary, dramatic, and musical works;

pantomimes and choreography; pictorial, pantomimes and choreography; pictorial, graphic and sculptural works; audio-visual graphic and sculptural works; audio-visual works; sound recordings; and architectural works; sound recordings; and architectural works works

eligible for copyright protection as soon as it is eligible for copyright protection as soon as it is fixed in a tangible form fixed in a tangible form

Copyright LawsCopyright Laws

Established the fair use policy for Established the fair use policy for copyright holders copyright holders Defines conditions under which individuals Defines conditions under which individuals

may use copyrighted material without may use copyrighted material without permission permission

Possible to quote from a copyrighted work Possible to quote from a copyrighted work Fair use is a "defense" to copyright Fair use is a "defense" to copyright

infringement, not a right. infringement, not a right.

Copyright LawsCopyright Laws

Digital Millennium Copyright Act, DMCADigital Millennium Copyright Act, DMCA The act criminalizes production and The act criminalizes production and

dissemination of technology that can dissemination of technology that can circumvent measures taken to protect circumvent measures taken to protect copyright copyright

heightens the penalties for copyright heightens the penalties for copyright infringement on the Internet infringement on the Internet

Limited the liability of Online Providers Limited the liability of Online Providers

MPAAMPAA

Motion Picture Association of AmericaMotion Picture Association of America protect member interests through political protect member interests through political

lobbying for changes in copyright and criminal lobbying for changes in copyright and criminal lawlaw

Responsible for the film rating system Responsible for the film rating system

Setting DMCA regulationsSetting DMCA regulations

RIAARIAA

Recording Industry Association of AmericaRecording Industry Association of America Responsible for setting technical recording Responsible for setting technical recording

standardsstandards

Collection of music licenses and royaltiesCollection of music licenses and royalties

Setting DMCA regulationsSetting DMCA regulations

Digital Rights ManagementDigital Rights Management

To date all DRM methods have failedTo date all DRM methods have failed Physical protectionPhysical protection DIVXDIVX CSSCSS Product activationProduct activation Digital watermarkingDigital watermarking

Copyright InfringementCopyright Infringement

““Copyright infringement is the Copyright infringement is the unauthorized use of copyrighted material unauthorized use of copyrighted material in a manner that violates one of the in a manner that violates one of the copyright owner's exclusive rights, such as copyright owner's exclusive rights, such as the right to reproduce or perform the the right to reproduce or perform the copyrighted work, or to make derivative copyrighted work, or to make derivative works that build upon it. works that build upon it. (http://en.wikipedia.org/wiki/Copyright_infri(http://en.wikipedia.org/wiki/Copyright_infringement) ngement)

Copyright InfringementCopyright Infringement

BitTorrentBitTorrent Azureus, BitComet, BitLord, uTorrent Azureus, BitComet, BitLord, uTorrent

EDonkey, FastTrack and GnutellaEDonkey, FastTrack and Gnutella EDonkey 2000EDonkey 2000 KaZaA, GroksterKaZaA, Grokster Bearshare, Gnucleus, LimeWire, Morpheus, Bearshare, Gnucleus, LimeWire, Morpheus,

Phex, Shareaza Phex, Shareaza

BitTorrentBitTorrent

.torrent files.torrent files TrackersTrackers

SeedersSeeders Completed fileCompleted file

LeachersLeachers DownloadersDownloaders

BitTorrentBitTorrent

Protocol breaks the file(s) down into Protocol breaks the file(s) down into smaller fragments smaller fragments Requests from peers the fragments that Requests from peers the fragments that are most rareare most rareUploading fragments to their peers before Uploading fragments to their peers before the entire file is downloaded the entire file is downloaded Chooses the peer with the best network Chooses the peer with the best network connections for the fragments that it is connections for the fragments that it is requesting requesting

BitTorrentBitTorrent

uTorrentuTorrent

AdvancementsAdvancements

MPAA and RIAA followed in the footsteps MPAA and RIAA followed in the footsteps of file sharing softwareof file sharing software Napster, ITunesNapster, ITunes Warner BrothersWarner Brothers Network Television StationsNetwork Television Stations

This Concludes Our This Concludes Our PresentationPresentation

Any Questions?Any Questions?