BASICS OF COMPUTING

Spring Term 2011

Washington College

Professor Suydam

Week 13 Final Project Preparation & Privacy

AGENDA – WEEK 13

• Finishing up the JavaScript Dashboard

• Final Project Preparation

o Project – ideaso Major Componentso Presentationo Evaluation

13-2

AGENDA – WEEK 13

• Finishing up the JavaScript Dashboard

13-3

FINAL PROJECT -- IDEAS

• Subject Something you are “passionate” about “Doable” Within time constraints

• Budget preparation time • Project and Presentation are each 10% of total course

grade• Point of reference: HW5 was 8%

13-4

FINAL PROJECT -- MAJOR COMPONENTS

Website

Components MS Word MS Excel JavaScript or Java Applet Others – student option (e.g., sound, video, etc.),

but make relevant to your theme

PowerPoint

Links Website PowerPoint

13-5

FINAL PROJECT -- PRESENTATION

Contents What ~1/3 How ~2/3

Be animated

Show interest/enthusiasm

Smile

Rehearse

Timing

13-6

FINAL PROJECT -- IDEAS

13-7

FINAL PROJECT -- EVALUATION

13-8

PRIVACY: WHOSE INFORMATION IS IT?What is privacy? Examine a transaction of buying

Dating for Total Dummieso Information linking the purchase with the

customer

How can the information be used?o Book merchant collecting information is

ordinary business practiceo Book merchant sending advertisements

to customer is ordinary business practiceo What about merchant selling information

to other businesses?

Modern devices make it possible to violate people's privacy without their knowledge

In 1890, Brandeis wrote that individuals deserve "sufficient safeguards against improper circulation" of their images

13-9

CONTROLLING THE USE OF INFORMATION

Spectrum of control spans four main possibilities:1. No uses. Information should be deleted when the

store is finished with it

2. Approval or Opt-in. Store can use it for other purposes with customer's approval

3. Objection or Opt-out. Store can use it for other purposes if customer does not object

4. No limits. Information can be used any way the store chooses

5. Fifth possibility is internal use -- store can use information to continue conducting business with you

13-10

A PRIVACY DEFINITION

• Privacy: The right of people to choose freely under what circumstances and to what extent they will reveal themselves, their attitude, and their behavior to others

• Threats to Privacy: Government and business• Voluntary Disclosure: We choose to reveal information

in return for real benefits (doctor, credit card company)

13-11

FAIR INFORMATION PRACTICES

OECD (Organization of Economic Cooperation and Development) in 1980 developed the standard eight-point list of privacy principles.

Limited Collection Principle Quality Principle Purpose Principle Use Limitation Principle Security Principle Openness Principle Participation Principle Accountability Principle

13-12

COMPARING PRIVACY ACROSS THE ATLANTIC

• U.S. has not adopted OECD principles

• China does not protect privacy

• European Union has European Data Protection Directive (OECD principles)

• EU Directive requires data on EU citizens to be protected at same standard even when it leaves their country

13-13

US LAWS PROTECTING PRIVACY

• Privacy Act of 1974 covers interaction with government

• Interactions with business:o Electronic Communication Privacy Act of 1986o Video Privacy Protection Act of 1988o Telephone Consumer Protection Act of 1991o Driver's Privacy Protection Act of 1994

• These all deal with specific business sectors—not an omnibus solution

13-14

PRIVACY PRINCIPLES: EUROPEAN UNION

Two points of disagreement between FTC (US) and OECD (Europe):o Opt-in/Opt-out

When can an organization use information it collects for one purpose, for a different purpose?

Opt-out is US standard except for highly sensitive data; Opt-in is European standard

o Compliance/Enforcement -- US has "voluntary compliance," EU has offices to control data

13-15

A PRIVACY SUCCESS STORY

Do-Not-Call List

o Telemarketing industry's "self-policing" mechanism required individuals to write a letter or make an on-line payment to stop telemarketing calls

o US government set up Do Not Call List. 80,000,000 households are on the list and telemarketing industry has largely collapsed

The Do-Not-Call registry does not prevent all unwanted calls. It does not cover the following:

o calls from organizations with which you have established a business relationship;

o calls for which you have given prior written permission;

o calls which are not commercial or do not include unsolicited advertisements;

o calls by or on behalf of tax-exempt non-profit organizations. 13-16

THE COOKIE MONSTER

• Cookie: Record containing seven fields of information that uniquely identify a customer's session on a website. Cookie is stored on customer's hard drive.

• Abuse: Third party cookieo Third party advertisers on web site enter

client/server relationship with customer as page loads

o Advertiser can set cookies, and can access cookies when user views other websites that advertiser uses

• Browser options:o Turn off cookieso Ask each time a server wants to set a cookieo Accept all cookies

13-17

IDENTITY THEFT

• Americans do not enjoy Security Principle

• Identity theft is the crime of posing as someone else for fraudulent purposes -- using information about person like credit card numbers, social security numbers

13-18

MANAGING YOUR PRIVACY

• Purchase up-to-date virus checking software

• Adjust your cookie preferences to match your comfort level

• Read the privacy statement of any website you give information to

• Review protections against phishing scams

• Patronize reputable companies for music, software, etc.

• Be skeptical

• Stay familiar with current assaults on privacy

13-19

ENCRYPTION AND DECRYPTION

Encryption Terminologyo Encryption: Transform representation so it is no

longer understandableo Cryptosystem: A combination of encryption and

decryption methodso Cleartext or Plaintext: Information before

encryption o Cipher text: Information in encrypted formo One-way cipher: Encryption system that cannot be

easily reversed (used for passwords)o Decryption: Reversing encryption process

13-20

13-21

ENCRYPTING A MESSAGE

BREAKING THE CODE

Longer text is easier to decode

o Notice what bit sequences show up frequently

o Knowledge of most frequent letters in the “cleartext” language

Smarter byte-for-byte substitutions

o Group more than two bytes

o Be sure not to exchange the key over unsecured connection

13-22

SUMMARIZING THE RSA SYSTEM*• RSA is an Internet encryption and authentication system that

uses an algorithm developed in 1977 by Ron Rivest, Adi Shamir, and Leonard Adleman. The RSA algorithm is the most commonly used encryption and authentication algorithm and is included as part of the Web browsers from Microsoft and Netscape.

• The algorithm involves multiplying two large prime numbers (a prime number is a number divisible only by that number and 1) and through additional operations deriving a set of two numbers that constitutes the public key and another set that is the private key.

13-23*Source: http://searchsecurity.techtarget.com/sDefinition/0,,sid14_gci214273,00.html

A FAULT RECOVERY PROGRAM FOR BUSINESS

Keep a full copy of everything written on the system as of some date and time—full backup

Create partial backups—copies of changes since last full backup

After disaster, start by installing the last full backup copy

Re-create state of system by making changes stored in partial backups, in order

All data since last backup (full or partial) will be lost

13-24

BACKING UP A PERSONAL COMPUTERHow and What to Back Upo You can manually backup or get automatic backup software

that writes to an external drive (e.g., flash memory stick, writeable CD, iPod, Time Capsule)

o For manual backups, you do not have to backup data that: can be re-created from some permanent source, like

software was saved before, but has not changed you don’t care about

Recovering Deleted Information

o Backups also protect from accidental deletions

o Can save evidence of crime or other inappropriate behavior

o Remember that two copies of email are produced when sender hits send—one in sent mail file and one somewhere else, which the sender probably can't delete

13-25