cmc privacy trust

7/28/2019 CMC Privacy Trust

1/43

CMC: Privacy

and TrustMichelle Read


2/43

Intellectual Property Law

Penalties exist for abusing another partys famous marks,copies or inventions. However, ideas are not tangible

3 Main areas:

Copyright Law

Trademark Law

Patent Law

Each country has its own laws

World Intellectual Property Organization

Promotes the protection of intellectual property rightsaround the world, and may arbitrate disputes as well.


3/43

Copyright Law

Expressed and Fixed not an idea in ones head

To register a copyright

Get Permission

Creative Commons (think: Flickr, among others).

Fair Use for education

Purpose and Character of Use

Nature of the Work

Relevant Amount

Effect on the Market


4/43

Copyright Law, cont.

Peer-to-Peer File Sharing of

Copyrighted Materials and U.S. Law

Copyrighted music95% of downloads are unpaid for

Primary and Secondary Infringers

P2P File Sharingmust be sharing between two individuals.

Napster was illegal because files were stored on a central server.

However, new Peer-to-Peer programs are not illegal becausethere is no central server. Users connect directly to anotherusers computer


5/43

Trademark Law

- A logo, acronym, word, color scheme, combination ofsounds, or any other symbolic device used to distinguish aproduct or service as unique

3 Criteria must be met

Active use

Can not be ambiguous or ordinary

Can not be misleadingly comparable to preexisting trademarks

in the marketplace


6/43

Trademark Law, cont.

Complications of the Internet

Pre-existing trademark claims

Global Trademark Disputes

Trademark Dilution

Domain-name disputes

Adam Curry: he purchased the domain mtv.com before MTV!

PETA: first purchased by People Eating Tasting Animals

Hasbro: candyland.com was first purchased by a pornographycompany

U.S. Anticybersquatting Consumer Protection Act of 1999


7/43

Patent Law

any new and useful process, machine, manufacture, orcomposition of matter, or any new and useful improvementthereof

Complications of the InternetNo direct effect

Concern of ease of communication


8/43

First Amendment Issues

What is Free Speech Law?

Congress shall make no law respecting an establishment ofreligion, prohibiting the free exercise thereof; or abridging the

freedom of speech, or of the press; or the right of the peoplepeaceably to assemble, and to petition, the government for aredress of grievances

Certain Types of speech are treated differently

Unpopular, Controversial and Offensive Communications

Indecent and Obscene Communications

Controversies over filtering devices


9/43

Unpopular, Controversial and

Offensive Communications

SpamUnsolicited Commercial Electronic Mail Act of 2001:UnsuccessfulSpam is legal

Hate Speech and Hate LiteratureExtremist political speechISPs set up their own rules for handling hate websitesPotential of inciting violence is illegal

2001 Patriot Act: this changed everything

CyberstalkingInterstate Stalking Act of 1996


10/43

Cyberbullying vs Cyber-

harassment

Definitions:

"Cyberbullying" is when a child, preteen or teen is

tormented, threatened, harassed, humiliated, embarrassed orotherwise targeted by another child, preteen or teen using theInternet, interactive and digital technologies or mobilephones.

Cyber-harrassment is the same as above only the victimand/or perpetrator(s) are adults


11/43

Tort Liability

What is Tort Law?Broad area of law dealing with civil wrongs caused to a party for which anotherparty is liable and involves monetary damages

Four areas of non-physical tort

a. Invasion of Privacy

b. Intentional Infliction of mental distress and defamation

c. Libel

d. Slander

Beware: A Lighter Burden of Proof for Civil Action

Different rules from criminal law: only requires a preponderance of the evidence vs.Beyond a reasonable doubt


12/43

Privacy Law

The Four Privacy Torts

Public disclosure of embarrassing private facts

Intrusion

False Light

Not be commercially exploited


13/43

Libel, Slander and

Defamation

Defamation:

Related to libel and slander, occurs when a someonecommunicates untrue information that lowers a persons

status or subjects a person to public disdain and/orembarrassment.

Libel: written untruths

Slander: spoken untruths


14/43

Your Responsibility

It is YOUR responsibility to protect your personal information from:

Theft

Loss

unauthorized Access

unauthorized Disclosure

unauthorized Copying

unauthorized Use

This applies not only to computer files/documents but also paperfiles/documents.


15/43

Protection

Self protection

BehaviorTaking Charge Password security

Institutional/Company protection--AUP


16/43

Taking Charge

2-16

1.While you may feel secure in the privacy of your

own home, each time you connect to the Internet

you enter PUBLIC space.

2.You need to minimize your personal risks as you

work and play online.

2.You have both right and responsibilities.

The Internet has its own code of conduct

Actions that you take have consequences


17/43

Acceptable Use

Policies/Terms of Service

All computer accounts and some public servers are subjectto an Acceptable Use Policy (AUP)

An AUP is a policy that outlines appropriate use of the

Internet and is enforced by system administrators Violating the AUP can result of the withdrawal of your

Internet access privileges

The restrictions that pertain to an ISP account are calledthe terms of service

When you sign up for an account, you also agree to theterms of service or AUP

You should locate and periodically check your accountsTOS or institutions/companys AUP.

2-17


18/43

Acceptable Use Policies

Common university AUPs include the prohibition of the use ofuniversity resources for:

Commercial activity Academic dishonesty Harassment

Some universities also prohibit the use of specific Internetservices, such as some music sharing sites

K12 often have more strict rules regarding what students mayaccess (e.g., YouTube, Facebook). Privileges may be grantedas students age. However, often this means thataccountability and consequences are more strictly enforcedtoo.

2-18


19/43

Password Security

Your password is the first line of defense

While you may think that your account has nothing to offer,someone can use it as a starting point to access other

accounts System administrators have resources to maintain accounts

and the system

No system administrator will need to ask you for yourpassword

Do not be tricked by an email, no matter how officiallooking, asking you for your password

2-19


20/43

Password Security Tips

Choose a password that is at least 8 characters longif allowed.

Mix numbers and/or special characters into your passwordifallowed.

Make your password is meaningful to you, but not easilyguessed by others.

Do not use names of people, places or things that areidentifiable to you.

Do not use portions of identifying numbers such as your drivers

license, social security #, etc.

Do not use the same password for multiple sites. Use apassword management tool if necessary. Hackers can gainaccess to all of your accounts, if they can just get it for one!

Never share your password(s) with others.2-20


21/43

Phishing

Phishing is a form of online fraud characterized by unsolicitede-mail messages seeking personal information for fraudulentpurposes.

Phish often appears to originate from reputable sources thatmaintain accounts for the recipient.

Spear phishing is a large scale phishing effort directed at allemployees of a company intended to capture an accountname and password.

2-21


22/43

Phishing

Here are some tips to help you identify phishing expeditions:

References to accounts that you do not have.

A general salutation (Dear Valued Customer) rather than one

by name.Grammar and spelling errors.

Mismatch in the URL of embedded links with that of theapparent source (URLs of links display in the status bar at thebottom of the web page when the cursor hovers over them).

Contact the apparent source directly using other trustedmeans first.

2-22


23/43

Phishing

Some tips from the Federal Trade Commission:

Dont provide personal information unless you initiate thecontact or can verify the identity of the agent receiving it

Never click on links from an unsolicited e-mailLegitimate organizations neverrequest or seek confirmation ofpersonal information via e-mail or phone

Forward to [email protected] and the companybeing impersonated

2-23


24/43

Identity Theft

Occurs when stolen personal information is used to openaccounts used to make fraudulent purchases.

In many cases, information is stolen from third party business

records.Not limited to internet activity

Warning signs:

Late or missing bills.

Receipt of credit cards or other lines of credit not requested.

Requests for payment from debt collectors.

2-24


25/43

Identity Theft

If your identity is stolen:

Notify any of three major credit bueaus: Equifax, Experian, orTransUnion

Close compromised accounts.File report with local law enforcement office.

File a complaint with the FTC.

Contact relevant government agencies to cancel/replacestolen licenses or IDs. And flag your account appropriately.

Consult your financial institution about bank and otheraccounts.

2-25


26/43

Viruses, Trojan Horses,

and Worms

Some software is a security riskThe mainstream news calls all such software viruses, butthere are three different classes of such softwareA virus is a computer program that can replicate itself throughfiles to move from computer to computerSome viruses are benignOthers are very destructiveA worm is a program that is similar to a virus, but spreadsthrough a network

Software can be exploited by wormsSome worms run over several computersOthers communicate among themselves over the networkA worm may be malicious or may take up system resources,causing a slowdown in performance

2-26


27/43

Securing Your Computer

You can take control and secure your computer

Use antivirus software and keep it updated

Antivirus software can scan files moving from the computer

onto disks and CDsYour email and downloaded files can also be scanned

Since new viruses are created every day, the data files neededto detect these viruses needs to be kept up-to-date

Use anti-spyware software

2-27


28/43

Firewall

Install a firewall on your home computer (especially if you usea broadband connection)

Do not download files offered to you in chat rooms or personalWeb pages

For maximum safety, encrypt all files that contain sensitiveinformation or store them offline on removable media

Do not leave your computer connected to the Internet anylonger than necessary

2-28


29/43

Firewalls

A firewall is software that

monitors all attempts to move bytes over the Internet ineither direction and

notifies you when such movement is attempted.Firewalls previously were only used by large organizations butnow home users can install them on their computers.

They can prevent a Trojan horse from stealing your files orspyware from phoning home.

2-29


30/43

Internet Scams

Scams are nothing new, but the Internet makes it easier forthem to reach you

Examples include:

Get rich quick offersMiracle health cures

Guaranteed loans or credit

Your credit report repaired for a fee

If it sounds to good to be true, then it probably is

2-30


31/43

Protecting Your Privacy

The Internet has provided opportunities for data collectionthat go far beyond a marketers wildest dreams

Your browser contains information about you, including thetypes of sites you visit

Web pages can also be programmed to collect informationabout you, such as when you visited the site

The Online Personal Privacy Act (2002) limits the kinds ofinformation that is collected

2-31


32/43

Protecting Your Privacy

To protect your privacy:

Do not provide personal information unless it is needed for acredit card transaction

Do not provide your Social Security Number or other sensitiveinformation

When you do provide personal information, read the sitesPrivacy Policy

Some companies sell your information, but you can opt-out ofthis or choose not to use the software/company

Note: not only are websites collecting your information: doyou use a Tivo or DVR? Do you use a credit card at Target? Doyou have a Randalls Remarkable card?

2-32


33/43

Laptops and Wireless

Networks

Because of their mobility and the ubiquity of wirelessnetworks, laptops are especially prone to attack

Many wireless networks are unsecured, allowing access to anyand all

Thieves can usepacket sniffers to capture wirelesstransmissions

If transmissions are not encoded, thieves can capture vitalinformation

2-33


34/43


Networks

When joining a wireless network, keep these safety tips inmind:

Use encryption for communication, via a WPA or WEP

encryption scheme (WPA is better) - an access key is requiredfor these networks

Keep your antivirus and antispyware software up-to-date

Make sure your firewall is on

2-34


35/43


Networks

Safety tips continued:

Use a virtual private network (VPN) when connecting to yourinstitutions network (ask the IT staff for help)

Disable File and Printer SharingKeep your folders/directories private

Password protect your sensitive files

2-35


36/43

Email Privacy

Corporations/educational institutions can monitor email andWWW usage

Email threads are recorded and documented conversations

It is illegal for your company to monitor phone calls however, they can monitor email and WWW usage.

Free email programs (gmail, hotmail, aol, etc) scan email forviruses

Gmail scans the text this is used to determine the types of

advertisements in your Gmail


37/43

Trust: Different types

trust others not to share our information

trust systems to route and protect information

trust 3rd parties not to collect/track our information tracesand not use them publicly for advertising, targeting potentialcriminal behavior, non-normative behavior, etc?


38/43

A Multi-disciplinary

concept ofTrust

Although some philosophers write about trust thatis not interpersonal, including institutional trusttrust in government and self-trust most would

agree that these forms oftrust are coherent onlyif they share important features of (i.e. can bemodeled on) interpersonal trust. This is why I saythat the dominant paradigm of trust is

interpersonal. (McLeod, 2006)


39/43

Interpersonal Trust

Trustworthiness is a characteristic we infer, Trust

is an attitude that is constructed over time

Trust exists when one party to the relation believes the otherparty has incentive to act in his or her interest or to take hisor her interest to heart.


40/43

More

Trust is optimistic; the opposite is distrust.

The truster accepts some level ofrisk orvulnerability

There must exist a potential for betrayal


41/43

What about Trust in

Systems?

Role ofBetrayal

If we trust someone to do something, if he/she/it doesnot do so we are disappointed.

But can this betrayal really occur with inanimate objects?(computer, online service, software)


42/43

Sources of Uncertainty in

Exchange/Interaction

Quality ofgoods or services

Structural uncertainty of an exchange

Uncertainty about finding an exchangepartner


43/43

What are the Solutions to

Uncertainty in CMC

Environments?Proxies and inferred trustworthiness

Institutional backing

Closed Systems versus Open SystemsExperiential, often negative-only reputations (not explicit)

3rd party (explicit) reputation

cmc privacy trust

Documents