Download Equitable Access

Survey
yes no Was this document useful for you?
   Thank you for your participation!

* Your assessment is very important for improving the workof artificial intelligence, which forms the content of this project

page
1
page
2
page
3
page
4
page
5
page
6
page
7
Document related concepts

Ad blocking wikipedia , lookup

Computer security wikipedia , lookup

Early access wikipedia , lookup

Transcript 
Policy
Week 13
LBSC 690
Information Technology
Agenda
• Questions
• Equitable access
• Appropriate use
• Project demonstrations
Equitable Access
• Computing facilities
– Hardware, software
• Networks
– Speed, continuity, access points
• Information sources
– Per-use fee vs. subscription vs. advertising
– Language
• Skills
– System, access strategies, information use
Computing as a Social Process
• Ownership
• Identity
• Privacy
• Integrity
Ownership
• Who has the right to use a computer?
• Who establishes this policy? How?
– What equity considerations are raised?
• Can someone else deny access?
– Denial of service attacks
• How can denial of service be prevented?
– Who can gain access and what can they do?
Identity
• Establishing identity permits access control
• What is identity in cyberspace?
– Attribution
• When is it desirable?
– Impersonation
• How can it be prevented?
• Forgery is really easy
– Just set up your mailer with bogus name and email
Anonymity
• Serves several purposes
–
–
–
–
Sensitive issues on discussion groups
Brainstorming
Whistleblowers
Marketing (“Spam”)
• Common techniques
– Anonymous remailers
– Pseudonyms
Privacy
• What privacy rights do computer users have?
– On email?
– When using computers at work? At school?
– What about your home computer?
• What about data about you?
– In government computers?
– Collected by companies and organizations?
• Does obscurity offer any privacy?
Privacy Protection
• Privacy Act of 1974
– Applies only to government records
• TrustE certification guidelines
– Site-specific privacy policies
– Federal Trade Commission enforcement
• Organizational monitoring
Integrity
• How do you know what’s there is correct?
– Attribution is invalid if the contents can change
• Access control would be one solution
– No system with people has perfect access control
• Risks digest provides plenty of examples!
• Encryption offers an alternative
Encryption
• Secret-key systems (e.g., DES)
– Use the same key to encrypt and decrypt
• Public-key systems (e.g., PGP)
– Public key: open, for encryption
– Private key: secret, for decryption
• Digital signatures
– Encrypt with private key, decrypt with public key
Denial of Service Attacks
• Viruses
– Platform dependent
– Typically binary
• Virus checkers
– Need frequent updates
• Flooding
– The Internet worm
– Chain letters
Justifications for Limiting Use
• Parental control
– Web browsing software, time limits
• Intellectual property protection
– Copyright, trade secrets
• National security
– Classified material
• Censorship
Acceptable Use Policies
• Establish policies
• Authenticate
• Authorize
• Audit
• Supervise
Techniques for Limiting Use
• Access control
– Effective multilevel security is hard to achieve
• Copy protection
– Hardware and software
• Licensing
– Shrinkwrap, Shareware, GNU Public license
• Digital watermarks
– Provide a basis for prosecution
Authentication
• Used to establish identity
• Two types
– Physical (Keys, badges, cardkeys, thumbprints)
– Electronic (Passwords, digital signatures)
• Protected with social structures
– Report lost keys
– Don’t tell anyone your password
• Password sniffers will eventually find it
Good Passwords
• Long enough not to be guessed
– Programs can try every combination of 4 letters
• Not in the dictionary
– Programs can try every word in a dictionary
– And every date, and every proper name, ...
– And even every pair of words
• Mix upper case, lower case, numbers, etc.
• Change it often and use one for each account
Access Control Issues
• Protect system administrator access
– Greater potential for damaging acts
– What about nefarious system administrators?
• Trojan horses
– Intentionally undocumented access techniques
• Firewalls
– Prevent unfamiliar packets from passing through
– Makes it harder for hackers to hurt your system
Fair Use Doctrine
• Balance two desirable characteristics
– Financial incentives to produce content
– Desirable uses of existing information
• Safe harbor agreement (1976 legislative history)
– Book chapter, magazine article, picture, …
• Developed in an era of physical documents
– Perfect copies/instant delivery alter the balance
Recent Copyright Laws
• Copyright Term Extension Act (CTEA)
– Ruled constitutional (Jan 2003, Supreme Court)
• Digital Millennium Copyright Act (DMCA)
– Prohibits circumvention of technical measures
– Implements WIPO treaty database protection
The Pornography Debate
• Communications Decency Act (CDA)
– Ruled unconstitutional (1997, Supreme Court)
• Child Online Protection Act (COPA)
– Enforcement blocked (March 2003, 3rd Circuit)
• Children’s Internet Protection Act (CIPA)
– Ruled constitutional (June 2003, Supreme Court)
Filtering Technology
• Any individual approach is imperfect
• Term-based techniques
– Recall/precision tradeoff
– Not very useful for images and audio
• Whitelists and blacklists
– Expensive to create manually
– Differing opinions, time lag
Surveillance Law
• USA PATRIOT Act
– Access to business records (with a court order)
– Internet traffic analysis (with a court order)
• Foreign Intelligence Surveillance Act (FISA)
– Secret court for monitoring foreign communications
– Special protections for citizens/permanent residents
Real-Time Local Surveillance
• Built-in features of standard software
– Browser history, outgoing email folders, etc.
• “Parental control” logging software
– ChatNANNY, Cyber Snoop, FamilyCAM, …
• Personal firewall software
– ZoneAlarm, BlackIce, …
Real-Time Centralized Surveillance
• Proxy server
– Set up a Web server and enable proxy function
– Configure all browsers to use the proxy server
– Store and analyze Web server log files
• Firewall
– Can monitor all applications, not just the Web
Forensic Examination
• Scan for files in obscure locations
– Find by content for text, ACDSee for pictures
• Examine “deleted” disk files
– Norton DiskDoctor, …
• Decode encrypted files
– Possible for many older schemes
External Monitoring
• Web tracking
– Browser data, clickthrough, cookies, …
• Packet sniffers
– Detect passwords, reconstruct packets, …
• Law enforcement
– Carnivore (US), RIP (UK), …
• National security
– Echelon (US), SORM (Russia), …
Mailing List “Nettiquite”
• Send private replies unless a public one is needed
• Don’t send unsubscribe requests to the list
• Read the FAQ before asking one
• Avoid things that start flames, unless you intend to
Project Demonstrations
•
•
•
•
•
Scheduled in advance
Targeted for 30 minutes
Web-accessible projects in my CLIS office
Other projects anywhere you need to be
Some time on Dec 9 or 10
– Get your reservations in early!
• At least one person from a team must come
– But everyone is welcome!
Project Demonstrations
• Starts with you showing me around
– You guide, I’ll drive
• I’ll run off the road a lot, though, to see what happens
– For Web projects, I may try another browser
• Some discussion about what you learned
• I’ll award the group’s grade on the spot
– Perfection is not required, only greatness!
Related documents
Innovative Applications of Artificial Intelligence Techniques in
Innovative Applications of Artificial Intelligence Techniques in
Merenje koncentracije i trzisne moci privrednih
Merenje koncentracije i trzisne moci privrednih
Computer Science 9616a, Fall 2011 Project Description Your project
Computer Science 9616a, Fall 2011 Project Description Your project
Misc. Privacy Topics (concluding)
Misc. Privacy Topics (concluding)
Computer Science 9616b, Fall 2016 Project Description Your project
Computer Science 9616b, Fall 2016 Project Description Your project
Lecture for Chapter 2.3 (Fall 09)
Lecture for Chapter 2.3 (Fall 09)
Privacy Statement - Handprints and Footsteps
Privacy Statement - Handprints and Footsteps
HIPPA Compliance Form
HIPPA Compliance Form
Donor Privacy Policy
Donor Privacy Policy
Slide 1
Slide 1
Law and Technology in Cybercrime and Homeland
Law and Technology in Cybercrime and Homeland
Security Training
Security Training
Public Schools, Privacy and Power
Public Schools, Privacy and Power
Emergency Department-Based Syndromic Surveillance in New York
Emergency Department-Based Syndromic Surveillance in New York
Security - UTRGV Faculty Web
Security - UTRGV Faculty Web
Surveillance Devices (Workplace Privacy) Act 2006
Surveillance Devices (Workplace Privacy) Act 2006
Lawrence M. Friedman. Guarding Life`s Dark Secrets: Legal
Lawrence M. Friedman. Guarding Life`s Dark Secrets: Legal
Corresponding page number
Corresponding page number
How a cell phone user can be secretly tracked across the globe
How a cell phone user can be secretly tracked across the globe
`Going Dark` Versus a `Golden Age for Surveillance`
`Going Dark` Versus a `Golden Age for Surveillance`
2. Information and Privacy - An Oxymoron for our Times
2. Information and Privacy - An Oxymoron for our Times
INT_CCPR_ICO_COL_22710_E
INT_CCPR_ICO_COL_22710_E