Chapter-8


1. Slide 1

This is Dr. Nancy Zeliff, and I will share with you information from Chapter 8, which is on Protecting People and Information: Threats and Safeguards.


2. Slide 2

After reading Chapter 8 and listening to or viewing this lecture, you will be able to define ethics and describe the two factors that affect how you make a decision concerning an ethical issue; define and describe intellectual property, copyright, Fair Use Doctrine, and pirated software; describe privacy and the ways in which it can be threatened; and describe the ways in which information on your computer or network is vulnerable and list measures you can take to protect it.


3. Slide 3

As you know, the three components of an IT system are people, information, and information technology. We will focus on the best environment to handle information and look at ethics, personal privacy, threats to information, and protection of information.


4. Slide 4

Ethics are the principles and standards that guide our behavior toward other people. Ethics are rooted in a society’s or individual’s history, culture, and religion. An ethical person takes seriously the rights of others, the consequences that one’s actions will have for others, and the habits of mind and behavior that make for virtuous living.


5. Slide 5

Two factors affect how you make your decision when faced with an ethical dilemma. The first is your basic ethical structure, which you developed as you grew up. The second is the set of practical circumstances involved in the dilemma with which you are faced, which usually are not black and white, but all shades of gray.


6. Slide 6

It would be nice if every ethical decision were crystal clear. But ethical decisions are not always so easy. Ideally, your sense of what is ethical should tell you what to do. But practically speaking, any assessment of what is right or wrong can rarely be divorced from a variety of considerations. These considerations are: consequences of the action or inaction, society’s opinion of the action or inaction, likelihood of effect from the action or inaction, consideration of people who will be affected by the action or inaction, and the “reach” of the action or inaction, which is often a ripple effect.


7. Slide 7

An ethical issue you will almost certainly encounter is one related to the use or copying of proprietary software. Software is intellectual property, which is an intangible creative work that is embodied in physical form. Music, novels, paintings, and sculptures are all examples of intellectual property. Copyright laws protect the authorship of literary and dramatic works, musical and theatrical compositions, and works of art. Copyright is the legal protection afforded an expression of an idea, such as a song, video game, and some types of proprietary documents. Software is usually protected by copyright law, although sometimes it falls under patent law. The Fair Use Doctrine states that copyrighted material can be used in certain situations, in education for example. One of the limits is on the amount of copyrighted material you may use.


8. Slide 8

Copyright infringement is illegal. A determining factor in legal decisions on copyright disputes is whether the copyright holder has been or is likely to be denied income because of the infringement. Courts will consider factors such as how much of the work was used and how, and when and on what basis the decision was made to use it. Pirated software is the unauthorized use, duplication, distribution, or sale of copyrighted software. Software piracy costs not only billions of dollars a year in lost revenue to the software manufacturers but also losses of tax revenue for governments. A piracy impact study also reveals that 500,000 new high-tech jobs are lost due to software piracy.


9. Slide 9

Privacy is the right to be left alone when you want to be, to have control over your own personal possessions, and not to be observed without your consent. It’s the right to be free of unwanted intrusion into your private life. Privacy has two dimensions. Psychologically, it is the need for personal space and the need to feel in control of personal information and property. Legally, privacy is necessary for self-protection.


10. Slide 10

Snoopware for computers helps people monitor what’s happening on a computer. For general snooping, you can get key logger software and install it on the computer you want to monitor. Key logger or key trapper software records every keystroke and mouse click. Screen capture programs periodically record what is on the screen. Packet sniffers examine information passing by on hubs, switches, and routers. Log analysis tools keep track of logons and deletions. Hardware key loggers capture keystrokes moving between keyboard and motherboard. Did you know that color laser printers have patterns of yellow dots on the back that identify the model and serial number of the printer at the time the printout was made? This feature was included by manufacturers at the request of the Secret Service in efforts to help investigations of counterfeit currency. Both photos taken with digital cameras and CDs that are burned provide information as well. Consider what law enforcement agencies can learn from these photos or CDs when investigating child pornography or other crimes. Event data recorders (EDRs) are becoming standard features on new vehicles and are part of the airbag control module. When the airbag is deployed, data for the five seconds prior to impact is transferred to a computer chip. Data retrieved from the chip can include the car’s speed at the time of impact, the engine’s RPM, the percent throttle, whether the brakes were applied, and whether a seat belt was used. What can this tell insurance agencies or law enforcement personnel about an automobile crash?


11. Slide 11

Identity theft is the forging of someone’s identity for the purpose of fraud. The fraud is often for financial gain or to hide from law enforcement.


12. Slide 12

A common way to steal identities online is called phishing (or carding or brand spoofing). It is a technique to gain personal information for the purpose of identity theft, usually by means of fraudulent email. One way this is done is by sending fraudulent emails as if they came from legitimate companies. eBay and PayPal are common companies fraudulently represented. Emails come with links to Web sites that look real, and when you click on the link, you are directed to a Web site that records your logon, capturing the username and password used to access your account. Spear phishing is phishing that is targeted at specific individuals because more information is needed in addition to what is already known. Whaling is the use of phishing targeted at senior business executives, government leaders, and other types of high-profile individuals. Pharming is the rerouting of your request for a legitimate Web site. You may type in the correct address for your bank but be rerouted to a fake site that collects your login information. Look for the padlock in the browser (not the Web site) to let you know that you are at a secure site.


13. Slide 13

Even though I am sure you know of these, here are reminders of ways to protect yourself against identity theft. Shred personal documents; store personal documents at home in a secure, nonpublic place; check your credit report annually; do not print your Social Security number or driver’s license number on checks; you can’t win a lottery you haven’t entered; check for https or a padlock icon on Web sites where you enter personal or financial information; use strong passwords with lower/uppercase letters, symbols and numbers; and use different passwords for different applications.


14. Slide 14

By law, employers can monitor employees’ emails and computer work. It is not uncommon in some organizations that social media sites are blocked, including YouTube. Personal email use or personal Internet surfing may not even be allowed. Employee monitoring is done to ensure appropriate behavior while on the job, to avoid litigation for employee misconduct, and for protection of intellectual property or an organization’s network.


15. Slide 15

Massive amounts of personal information about customers or potential customers are available to businesses. Customer relationship management (CRM) systems are one of the fastest growing areas of software development. Amazon’s famous recommendation, “People who bought this product also bought,” is an example of Web personalization. Web traffic tracking companies such as DoubleClick follow Web surfers around the Web and sell the information about where surfers went and for how long. DoubleClick identifies people who might be receptive and sends them ads as a banner or pop-up. Wonder why you get so many pop-ups? It could be because you are a frequent Web surfer.


16. Slide 16

Cookies are the basic tool of consumer Web monitoring. A cookie is a small file that contains information about you and your Web activities, which a Web site you visit places on your computer. Cookies keep ID and password information so you won’t have to verify each time you access that Web site. Cookies store shopping carts, so the next time you log on, you can see your wish list. Cookies can also track your Web activity, monitoring and recording what sites you visit and for how long, what site you came from and the next one you went to. Some cookies are temporary and others stay permanently. So you want a cookie-free diet? You can set your browser to accept or reject cookies and to warn you when a site wants to put a cookie on your computer. You can also use cookie management software.


17. Slide 17

You might also want a spam-free diet. Spam is unsolicited email from businesses advertising goods and services. Spam filters, such as Barracuda, which Northwest uses, can help reduce or eliminate spam email.


18. Slide 18

Adware is software used to generate ads that installs itself on your computer when you download some other (usually free) program from the Web. Recently, I updated my version of Flash and up popped an ad asking if I wanted the Google Toolbar and Google Chrome as my default browser. I guess Adobe and Google are buddies! Adware is a type of Trojan horse software: software you don’t want inside software you do want. Spyware (also called sneakware or stealthware) is malicious software that collects information about you and your computer and reports it to someone without your permission. It usually comes hidden in downloadable software and tracks your online movements or mines information stored on your computer.


19. Slide 19

Even without spyware, a Web site can tell a lot about its Web visitors from its Web log. A Web log consists of one line of information for every visitor to a Web site and is usually stored on a Web server. Your clickstream is recorded, which is information about what Web sites you visited, how long you were there, what ads you looked at, and what you bought. There is also Anonymous Web Browsing (AWB) software, which hides your identity from the Web sites you visit.
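To make the clickstream idea concrete, here is an added example (not part of the original lecture) that rebuilds each visitor’s path, referring page, and time on page from Web server log lines. It assumes the common Combined Log Format and identifies a visitor by IP address alone, which is a simplification; the log lines are constructed sample data using reserved documentation addresses.

```python
import re
from collections import defaultdict
from datetime import datetime

# Combined Log Format: host ident user [time] "request" status bytes "referer" "agent"
LINE_RE = re.compile(
    r'(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<path>\S+) [^"]*" '
    r'(?P<status>\d{3}) \S+ "(?P<referer>[^"]*)" "(?P<agent>[^"]*)"'
)

def parse_line(line):
    """Return one request as a dict, or None if the line is not in Combined Log Format."""
    m = LINE_RE.match(line)
    if not m:
        return None
    rec = m.groupdict()
    rec["ts"] = datetime.strptime(rec["ts"], "%d/%b/%Y:%H:%M:%S %z")
    return rec

def clickstreams(lines):
    """Map each visitor IP to an ordered list of (page, came_from, seconds_on_page)."""
    visits = defaultdict(list)
    for rec in filter(None, map(parse_line, lines)):
        visits[rec["ip"]].append(rec)
    result = {}
    for ip, recs in visits.items():
        recs.sort(key=lambda r: r["ts"])
        steps = []
        for cur, nxt in zip(recs, recs[1:] + [None]):
            # Time on a page is only known if the visitor requested another page afterwards.
            dwell = int((nxt["ts"] - cur["ts"]).total_seconds()) if nxt else None
            steps.append((cur["path"], cur["referer"], dwell))
        result[ip] = steps
    return result

# Constructed sample log (shop.example and search.example are placeholder sites).
SAMPLE_LOG = [
    '203.0.113.7 - - [10/Mar/2024:09:15:02 +0000] "GET /shoes HTTP/1.1" 200 5120 "https://search.example/?q=running+shoes" "Mozilla/5.0"',
    '198.51.100.22 - - [10/Mar/2024:09:15:30 +0000] "GET / HTTP/1.1" 200 2048 "-" "Mozilla/5.0"',
    '203.0.113.7 - - [10/Mar/2024:09:16:47 +0000] "GET /shoes/trail-42 HTTP/1.1" 200 7300 "https://shop.example/shoes" "Mozilla/5.0"',
    '203.0.113.7 - - [10/Mar/2024:09:19:05 +0000] "GET /cart/add?item=trail-42 HTTP/1.1" 302 0 "https://shop.example/shoes/trail-42" "Mozilla/5.0"',
]
```

For the first visitor, `clickstreams(SAMPLE_LOG)` shows the search that brought them in, the 105 seconds spent on the first page, and the item added to the cart, all without any cookie or spyware.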


20. Slide 20

Government agencies have about 2000 databases containing personal information on individuals. This information is needed for the agencies to operate effectively, and since 9-11 it is needed for national security.


21. Slide 21

Law enforcement personnel check license plates and driver’s licenses through the National Crime Information Center. This database stores information on criminal records of more than 20 million people, including outstanding warrants, missing children, gang members, juvenile delinquents, and stolen guns and cars. Electronic surveillance of emails and other electronic devices by federal agencies is conducted. Camera surveillance is present in public places, as well as in private businesses, such as Walmart stores and gambling casinos.


22. Slide 22

Two of the more common US laws on privacy are HIPAA, which protects one’s personal health information, and the Financial Services Modernization Act, which requires that financial institutions protect personal customer information. Other federal laws in place to protect privacy include the USA Patriot Act, Homeland Security Act, Sarbanes-Oxley, and the CAN-SPAM Act.


23. Slide 23

Organizations need to have security measures in place to protect themselves not only from outside threats, but also from internal threats, the unethical actions of their employees. Employee misconduct is more costly than assaults from the outside.


24. Slide 24

Hackers are generally knowledgeable computer users who use their knowledge to invade other people’s computers. Some hackers hack for fun; others, called hacktivists, have a philosophical or political message they want to share. Others, called crackers, are hired guns who illegally break in to steal information for a fee. Cybercrimes range from electronically breaking and entering to cyberstalking. Computer viruses and denial-of-service attacks are the two most common cybercrimes. A computer virus is software that is written with malicious intent to cause annoyance or damage. Worms, the most common type of virus, spread themselves from file to file and computer to computer. A denial-of-service (DoS) attack floods a server or network with so many requests for service that it slows down or crashes. The objective is to prevent legitimate customers from accessing the target site.


25. Slide 25

Security measures include anti-virus software that detects and removes or quarantines computer viruses. Northwest uses Microsoft Forefront. Other measures include the use of anti-spyware, anti-adware, and anti-phishing software. A firewall also protects a computer or network by restricting what is allowed “in” the system. The firewall examines each message as it seeks entrance to the network. Unless the message has the “right” markings, the firewall will block it from entering. Filters can also be in place to block certain Web sites.


26. Slide 26

Firewalls keep outsiders out, but to protect against insiders, authentication measures can be used. Three ways of proving one’s access rights include what you know (a password), what you have (a fob or access key), or what you look like (your fingerprint or iris). The use of fingerprints or the scanning of one’s iris is the use of biometrics, or the use of a physical characteristic for identification purposes. If you want to protect your messages and files, you can encrypt them. Encryption scrambles the contents of a file so that you can’t read it without having the right decryption key. Credit card companies and online banking services use public key encryption (PKE), which is a system where there are two keys: a public one for everyone and a private one for the recipient. It works like a safe, where everyone can shut the safe door, but only the person with the right safe combination can open the safe.
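The safe analogy can be shown with numbers. The following added example (not part of the original lecture) uses textbook RSA, one well-known public key system, with deliberately tiny primes and no padding so the arithmetic is easy to follow; real services use vetted libraries with far larger keys. The function names are assumptions made for this illustration.

```python
from math import gcd

def make_keypair(p, q, e=17):
    """Build a textbook RSA key pair from two primes (tiny primes, for readability only)."""
    n, phi = p * q, (p - 1) * (q - 1)
    if gcd(e, phi) != 1:
        raise ValueError("e must share no factor with (p-1)*(q-1)")
    d = pow(e, -1, phi)        # private exponent: e*d leaves remainder 1 when divided by phi
    return (n, e), (n, d)      # (public key, private key)

def apply_key(key, numbers):
    """Raise each number to the key's exponent modulo n (the only operation RSA needs)."""
    n, exponent = key
    return [pow(x, exponent, n) for x in numbers]

def seal(public_key, message: bytes):
    """Anyone who has the public key can shut the safe door."""
    return apply_key(public_key, list(message))

def open_safe(private_key, sealed):
    """Only the holder of the private key can open it again."""
    return bytes(apply_key(private_key, sealed))

# Constructed demonstration values.
PUBLIC, PRIVATE = make_keypair(61, 53)     # n = 3233, public e = 17, private d = 2753
SEALED = seal(PUBLIC, b"PIN 4821")

def demo():
    """Return (what the recipient reads, whether the public key alone could reopen it)."""
    recovered = open_safe(PRIVATE, SEALED)
    public_reopens = apply_key(PUBLIC, SEALED) == list(b"PIN 4821")
    return recovered, public_reopens
```

`demo()` returns the original message for the private key holder and `False` for the attempt to reopen the safe with the public key.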


27. Slide 27

This concludes the discussion of Chapter 8.