cmc privacy trust
TRANSCRIPT
-
7/28/2019 CMC Privacy Trust
1/43
CMC: Privacy
and TrustMichelle Read
-
7/28/2019 CMC Privacy Trust
2/43
Intellectual Property Law
Penalties exist for abusing another partys famous marks,copies or inventions. However, ideas are not tangible
3 Main areas:
Copyright Law
Trademark Law
Patent Law
Each country has its own laws
World Intellectual Property Organization
Promotes the protection of intellectual property rightsaround the world, and may arbitrate disputes as well.
-
7/28/2019 CMC Privacy Trust
3/43
Copyright Law
Expressed and Fixed not an idea in ones head
To register a copyright
Get Permission
Creative Commons (think: Flickr, among others).
Fair Use for education
Purpose and Character of Use
Nature of the Work
Relevant Amount
Effect on the Market
-
7/28/2019 CMC Privacy Trust
4/43
Copyright Law, cont.
Peer-to-Peer File Sharing of
Copyrighted Materials and U.S. Law
Copyrighted music95% of downloads are unpaid for
Primary and Secondary Infringers
P2P File Sharingmust be sharing between two individuals.
Napster was illegal because files were stored on a central server.
However, new Peer-to-Peer programs are not illegal becausethere is no central server. Users connect directly to anotherusers computer
-
7/28/2019 CMC Privacy Trust
5/43
Trademark Law
- A logo, acronym, word, color scheme, combination ofsounds, or any other symbolic device used to distinguish aproduct or service as unique
3 Criteria must be met
Active use
Can not be ambiguous or ordinary
Can not be misleadingly comparable to preexisting trademarks
in the marketplace
-
7/28/2019 CMC Privacy Trust
6/43
Trademark Law, cont.
Complications of the Internet
Pre-existing trademark claims
Global Trademark Disputes
Trademark Dilution
Domain-name disputes
Adam Curry: he purchased the domain mtv.com before MTV!
PETA: first purchased by People Eating Tasting Animals
Hasbro: candyland.com was first purchased by a pornographycompany
U.S. Anticybersquatting Consumer Protection Act of 1999
-
7/28/2019 CMC Privacy Trust
7/43
Patent Law
any new and useful process, machine, manufacture, orcomposition of matter, or any new and useful improvementthereof
Complications of the InternetNo direct effect
Concern of ease of communication
-
7/28/2019 CMC Privacy Trust
8/43
First Amendment Issues
What is Free Speech Law?
Congress shall make no law respecting an establishment ofreligion, prohibiting the free exercise thereof; or abridging the
freedom of speech, or of the press; or the right of the peoplepeaceably to assemble, and to petition, the government for aredress of grievances
Certain Types of speech are treated differently
Unpopular, Controversial and Offensive Communications
Indecent and Obscene Communications
Controversies over filtering devices
-
7/28/2019 CMC Privacy Trust
9/43
Unpopular, Controversial and
Offensive Communications
SpamUnsolicited Commercial Electronic Mail Act of 2001:UnsuccessfulSpam is legal
Hate Speech and Hate LiteratureExtremist political speechISPs set up their own rules for handling hate websitesPotential of inciting violence is illegal
2001 Patriot Act: this changed everything
CyberstalkingInterstate Stalking Act of 1996
-
7/28/2019 CMC Privacy Trust
10/43
Cyberbullying vs Cyber-
harassment
Definitions:
"Cyberbullying" is when a child, preteen or teen is
tormented, threatened, harassed, humiliated, embarrassed orotherwise targeted by another child, preteen or teen using theInternet, interactive and digital technologies or mobilephones.
Cyber-harrassment is the same as above only the victimand/or perpetrator(s) are adults
-
7/28/2019 CMC Privacy Trust
11/43
Tort Liability
What is Tort Law?Broad area of law dealing with civil wrongs caused to a party for which anotherparty is liable and involves monetary damages
Four areas of non-physical tort
a. Invasion of Privacy
b. Intentional Infliction of mental distress and defamation
c. Libel
d. Slander
Beware: A Lighter Burden of Proof for Civil Action
Different rules from criminal law: only requires a preponderance of the evidence vs.Beyond a reasonable doubt
-
7/28/2019 CMC Privacy Trust
12/43
Privacy Law
The Four Privacy Torts
Public disclosure of embarrassing private facts
Intrusion
False Light
Not be commercially exploited
-
7/28/2019 CMC Privacy Trust
13/43
Libel, Slander and
Defamation
Defamation:
Related to libel and slander, occurs when a someonecommunicates untrue information that lowers a persons
status or subjects a person to public disdain and/orembarrassment.
Libel: written untruths
Slander: spoken untruths
-
7/28/2019 CMC Privacy Trust
14/43
Your Responsibility
It is YOUR responsibility to protect your personal information from:
Theft
Loss
unauthorized Access
unauthorized Disclosure
unauthorized Copying
unauthorized Use
This applies not only to computer files/documents but also paperfiles/documents.
-
7/28/2019 CMC Privacy Trust
15/43
Protection
Self protection
BehaviorTaking Charge Password security
Institutional/Company protection--AUP
-
7/28/2019 CMC Privacy Trust
16/43
Taking Charge
2-16
1.While you may feel secure in the privacy of your
own home, each time you connect to the Internet
you enter PUBLIC space.
2.You need to minimize your personal risks as you
work and play online.
2.You have both right and responsibilities.
The Internet has its own code of conduct
Actions that you take have consequences
-
7/28/2019 CMC Privacy Trust
17/43
Acceptable Use
Policies/Terms of Service
All computer accounts and some public servers are subjectto an Acceptable Use Policy (AUP)
An AUP is a policy that outlines appropriate use of the
Internet and is enforced by system administrators Violating the AUP can result of the withdrawal of your
Internet access privileges
The restrictions that pertain to an ISP account are calledthe terms of service
When you sign up for an account, you also agree to theterms of service or AUP
You should locate and periodically check your accountsTOS or institutions/companys AUP.
2-17
-
7/28/2019 CMC Privacy Trust
18/43
Acceptable Use Policies
Common university AUPs include the prohibition of the use ofuniversity resources for:
Commercial activity Academic dishonesty Harassment
Some universities also prohibit the use of specific Internetservices, such as some music sharing sites
K12 often have more strict rules regarding what students mayaccess (e.g., YouTube, Facebook). Privileges may be grantedas students age. However, often this means thataccountability and consequences are more strictly enforcedtoo.
2-18
-
7/28/2019 CMC Privacy Trust
19/43
Password Security
Your password is the first line of defense
While you may think that your account has nothing to offer,someone can use it as a starting point to access other
accounts System administrators have resources to maintain accounts
and the system
No system administrator will need to ask you for yourpassword
Do not be tricked by an email, no matter how officiallooking, asking you for your password
2-19
-
7/28/2019 CMC Privacy Trust
20/43
Password Security Tips
Choose a password that is at least 8 characters longif allowed.
Mix numbers and/or special characters into your passwordifallowed.
Make your password is meaningful to you, but not easilyguessed by others.
Do not use names of people, places or things that areidentifiable to you.
Do not use portions of identifying numbers such as your drivers
license, social security #, etc.
Do not use the same password for multiple sites. Use apassword management tool if necessary. Hackers can gainaccess to all of your accounts, if they can just get it for one!
Never share your password(s) with others.2-20
-
7/28/2019 CMC Privacy Trust
21/43
Phishing
Phishing is a form of online fraud characterized by unsolicitede-mail messages seeking personal information for fraudulentpurposes.
Phish often appears to originate from reputable sources thatmaintain accounts for the recipient.
Spear phishing is a large scale phishing effort directed at allemployees of a company intended to capture an accountname and password.
2-21
-
7/28/2019 CMC Privacy Trust
22/43
Phishing
Here are some tips to help you identify phishing expeditions:
References to accounts that you do not have.
A general salutation (Dear Valued Customer) rather than one
by name.Grammar and spelling errors.
Mismatch in the URL of embedded links with that of theapparent source (URLs of links display in the status bar at thebottom of the web page when the cursor hovers over them).
Contact the apparent source directly using other trustedmeans first.
2-22
-
7/28/2019 CMC Privacy Trust
23/43
Phishing
Some tips from the Federal Trade Commission:
Dont provide personal information unless you initiate thecontact or can verify the identity of the agent receiving it
Never click on links from an unsolicited e-mailLegitimate organizations neverrequest or seek confirmation ofpersonal information via e-mail or phone
Forward to [email protected] and the companybeing impersonated
2-23
-
7/28/2019 CMC Privacy Trust
24/43
Identity Theft
Occurs when stolen personal information is used to openaccounts used to make fraudulent purchases.
In many cases, information is stolen from third party business
records.Not limited to internet activity
Warning signs:
Late or missing bills.
Receipt of credit cards or other lines of credit not requested.
Requests for payment from debt collectors.
2-24
-
7/28/2019 CMC Privacy Trust
25/43
Identity Theft
If your identity is stolen:
Notify any of three major credit bueaus: Equifax, Experian, orTransUnion
Close compromised accounts.File report with local law enforcement office.
File a complaint with the FTC.
Contact relevant government agencies to cancel/replacestolen licenses or IDs. And flag your account appropriately.
Consult your financial institution about bank and otheraccounts.
2-25
-
7/28/2019 CMC Privacy Trust
26/43
Viruses, Trojan Horses,
and Worms
Some software is a security riskThe mainstream news calls all such software viruses, butthere are three different classes of such softwareA virus is a computer program that can replicate itself throughfiles to move from computer to computerSome viruses are benignOthers are very destructiveA worm is a program that is similar to a virus, but spreadsthrough a network
Software can be exploited by wormsSome worms run over several computersOthers communicate among themselves over the networkA worm may be malicious or may take up system resources,causing a slowdown in performance
2-26
-
7/28/2019 CMC Privacy Trust
27/43
Securing Your Computer
You can take control and secure your computer
Use antivirus software and keep it updated
Antivirus software can scan files moving from the computer
onto disks and CDsYour email and downloaded files can also be scanned
Since new viruses are created every day, the data files neededto detect these viruses needs to be kept up-to-date
Use anti-spyware software
2-27
-
7/28/2019 CMC Privacy Trust
28/43
Firewall
Install a firewall on your home computer (especially if you usea broadband connection)
Do not download files offered to you in chat rooms or personalWeb pages
For maximum safety, encrypt all files that contain sensitiveinformation or store them offline on removable media
Do not leave your computer connected to the Internet anylonger than necessary
2-28
-
7/28/2019 CMC Privacy Trust
29/43
Firewalls
A firewall is software that
monitors all attempts to move bytes over the Internet ineither direction and
notifies you when such movement is attempted.Firewalls previously were only used by large organizations butnow home users can install them on their computers.
They can prevent a Trojan horse from stealing your files orspyware from phoning home.
2-29
-
7/28/2019 CMC Privacy Trust
30/43
Internet Scams
Scams are nothing new, but the Internet makes it easier forthem to reach you
Examples include:
Get rich quick offersMiracle health cures
Guaranteed loans or credit
Your credit report repaired for a fee
If it sounds to good to be true, then it probably is
2-30
-
7/28/2019 CMC Privacy Trust
31/43
Protecting Your Privacy
The Internet has provided opportunities for data collectionthat go far beyond a marketers wildest dreams
Your browser contains information about you, including thetypes of sites you visit
Web pages can also be programmed to collect informationabout you, such as when you visited the site
The Online Personal Privacy Act (2002) limits the kinds ofinformation that is collected
2-31
-
7/28/2019 CMC Privacy Trust
32/43
Protecting Your Privacy
To protect your privacy:
Do not provide personal information unless it is needed for acredit card transaction
Do not provide your Social Security Number or other sensitiveinformation
When you do provide personal information, read the sitesPrivacy Policy
Some companies sell your information, but you can opt-out ofthis or choose not to use the software/company
Note: not only are websites collecting your information: doyou use a Tivo or DVR? Do you use a credit card at Target? Doyou have a Randalls Remarkable card?
2-32
-
7/28/2019 CMC Privacy Trust
33/43
Laptops and Wireless
Networks
Because of their mobility and the ubiquity of wirelessnetworks, laptops are especially prone to attack
Many wireless networks are unsecured, allowing access to anyand all
Thieves can usepacket sniffers to capture wirelesstransmissions
If transmissions are not encoded, thieves can capture vitalinformation
2-33
-
7/28/2019 CMC Privacy Trust
34/43
Laptops and Wireless
Networks
When joining a wireless network, keep these safety tips inmind:
Use encryption for communication, via a WPA or WEP
encryption scheme (WPA is better) - an access key is requiredfor these networks
Keep your antivirus and antispyware software up-to-date
Make sure your firewall is on
2-34
-
7/28/2019 CMC Privacy Trust
35/43
Laptops and Wireless
Networks
Safety tips continued:
Use a virtual private network (VPN) when connecting to yourinstitutions network (ask the IT staff for help)
Disable File and Printer SharingKeep your folders/directories private
Password protect your sensitive files
2-35
-
7/28/2019 CMC Privacy Trust
36/43
Email Privacy
Corporations/educational institutions can monitor email andWWW usage
Email threads are recorded and documented conversations
It is illegal for your company to monitor phone calls however, they can monitor email and WWW usage.
Free email programs (gmail, hotmail, aol, etc) scan email forviruses
Gmail scans the text this is used to determine the types of
advertisements in your Gmail
-
7/28/2019 CMC Privacy Trust
37/43
Trust: Different types
trust others not to share our information
trust systems to route and protect information
trust 3rd parties not to collect/track our information tracesand not use them publicly for advertising, targeting potentialcriminal behavior, non-normative behavior, etc?
-
7/28/2019 CMC Privacy Trust
38/43
A Multi-disciplinary
concept ofTrust
Although some philosophers write about trust thatis not interpersonal, including institutional trusttrust in government and self-trust most would
agree that these forms oftrust are coherent onlyif they share important features of (i.e. can bemodeled on) interpersonal trust. This is why I saythat the dominant paradigm of trust is
interpersonal. (McLeod, 2006)
-
7/28/2019 CMC Privacy Trust
39/43
Interpersonal Trust
Trustworthiness is a characteristic we infer, Trust
is an attitude that is constructed over time
Trust exists when one party to the relation believes the otherparty has incentive to act in his or her interest or to take hisor her interest to heart.
-
7/28/2019 CMC Privacy Trust
40/43
More
Trust is optimistic; the opposite is distrust.
The truster accepts some level ofrisk orvulnerability
There must exist a potential for betrayal
-
7/28/2019 CMC Privacy Trust
41/43
What about Trust in
Systems?
Role ofBetrayal
If we trust someone to do something, if he/she/it doesnot do so we are disappointed.
But can this betrayal really occur with inanimate objects?(computer, online service, software)
-
7/28/2019 CMC Privacy Trust
42/43
Sources of Uncertainty in
Exchange/Interaction
Quality ofgoods or services
Structural uncertainty of an exchange
Uncertainty about finding an exchangepartner
-
7/28/2019 CMC Privacy Trust
43/43
What are the Solutions to
Uncertainty in CMC
Environments?Proxies and inferred trustworthiness
Institutional backing
Closed Systems versus Open SystemsExperiential, often negative-only reputations (not explicit)
3rd party (explicit) reputation