BASICS OF COMPUTING

Spring Term 2011Washington CollegeProfessor Suydam

Week 13 Final Project Preparation & Privacy

AGENDA – WEEK 13

• Finishing up the JavaScript Dashboard

• Final Project Preparation

o Project – ideaso Major Componentso Presentationo Evaluation

13-2

AGENDA – WEEK 13

• Finishing up the JavaScript Dashboard

13-3

FINAL PROJECT -- IDEAS

• Subject Something you are “passionate” about “Doable” Within time constraints

• Budget preparation time • Project and Presentation are each 10% of total course

grade• Point of reference: HW5 was 8%

13-4

FINAL PROJECT -- MAJOR COMPONENTS

WebsiteComponents

MS Word MS Excel JavaScript or Java Applet Others – student option (e.g., sound, video, etc.),

but make relevant to your themePowerPointLinks

Website PowerPoint

13-5

FINAL PROJECT -- PRESENTATION

Contents What ~1/3 How ~2/3

Be animatedShow interest/enthusiasmSmileRehearseTiming

13-6

FINAL PROJECT -- IDEAS

13-7

FINAL PROJECT -- EVALUATION

13-8

PRIVACY: WHOSE INFORMATION IS IT?What is privacy? Examine a transaction of buying

Dating for Total Dummieso Information linking the purchase with the

customerHow can the information be used?

o Book merchant collecting information is ordinary business practice

o Book merchant sending advertisements to customer is ordinary business practice

o What about merchant selling information to other businesses?

Modern devices make it possible to violate people's privacy without their knowledgeIn 1890, Brandeis wrote that individuals deserve "sufficient safeguards against improper circulation" of their images

13-9

CONTROLLING THE USE OF INFORMATION

Spectrum of control spans four main possibilities:1. No uses. Information should be deleted when the

store is finished with it2. Approval or Opt-in. Store can use it for other

purposes with customer's approval3. Objection or Opt-out. Store can use it for other

purposes if customer does not object4. No limits. Information can be used any way the

store chooses5. Fifth possibility is internal use -- store can use

information to continue conducting business with you

13-10

A PRIVACY DEFINITION

• Privacy: The right of people to choose freely under what circumstances and to what extent they will reveal themselves, their attitude, and their behavior to others

• Threats to Privacy: Government and business• Voluntary Disclosure: We choose to reveal information

in return for real benefits (doctor, credit card company)

13-11

FAIR INFORMATION PRACTICESOECD (Organization of Economic Cooperation and Development) in 1980 developed the standard eight-point list of privacy principles.

Limited Collection Principle Quality Principle Purpose Principle Use Limitation Principle Security Principle Openness Principle Participation Principle Accountability Principle

13-12

COMPARING PRIVACY ACROSS THE ATLANTIC

• U.S. has not adopted OECD principles• China does not protect privacy• European Union has European Data Protection Directive

(OECD principles)• EU Directive requires data on EU citizens to be

protected at same standard even when it leaves their country

13-13

US LAWS PROTECTING PRIVACY• Privacy Act of 1974 covers interaction with government• Interactions with business:

o Electronic Communication Privacy Act of 1986o Video Privacy Protection Act of 1988o Telephone Consumer Protection Act of 1991o Driver's Privacy Protection Act of 1994

• These all deal with specific business sectors—not an omnibus solution

13-14

PRIVACY PRINCIPLES: EUROPEAN UNIONTwo points of disagreement between FTC (US) and OECD

(Europe):o Opt-in/Opt-out

When can an organization use information it collects for one purpose, for a different purpose?

Opt-out is US standard except for highly sensitive data; Opt-in is European standard

o Compliance/Enforcement -- US has "voluntary compliance," EU has offices to control data

13-15

A PRIVACY SUCCESS STORYDo-Not-Call List

o Telemarketing industry's "self-policing" mechanism required individuals to write a letter or make an on-line payment to stop telemarketing calls

o US government set up Do Not Call List. 80,000,000 households are on the list and telemarketing industry has largely collapsed

The Do-Not-Call registry does not prevent all unwanted calls. It does not cover the following:

o calls from organizations with which you have established a business relationship;

o calls for which you have given prior written permission;

o calls which are not commercial or do not include unsolicited advertisements;

o calls by or on behalf of tax-exempt non-profit organizations. 13-16

THE COOKIE MONSTER

• Cookie: Record containing seven fields of information that uniquely identify a customer's session on a website. Cookie is stored on customer's hard drive.

• Abuse: Third party cookieo Third party advertisers on web site enter

client/server relationship with customer as page loads

o Advertiser can set cookies, and can access cookies when user views other websites that advertiser uses

• Browser options:o Turn off cookieso Ask each time a server wants to set a cookieo Accept all cookies

13-17

IDENTITY THEFT• Americans do not enjoy Security Principle• Identity theft is the crime of posing as someone else for

fraudulent purposes -- using information about person like credit card numbers, social security numbers

13-18

MANAGING YOUR PRIVACY

• Purchase up-to-date virus checking software• Adjust your cookie preferences to match your

comfort level• Read the privacy statement of any website you give

information to• Review protections against phishing scams• Patronize reputable companies for music, software,

etc.• Be skeptical• Stay familiar with current assaults on privacy

13-19

ENCRYPTION AND DECRYPTION

Encryption Terminologyo Encryption: Transform representation so it is no

longer understandableo Cryptosystem: A combination of encryption and

decryption methodso Cleartext or Plaintext: Information before

encryption o Cipher text: Information in encrypted formo One-way cipher: Encryption system that cannot be

easily reversed (used for passwords)o Decryption: Reversing encryption process

13-20

13-21

ENCRYPTING A MESSAGE

BREAKING THE CODELonger text is easier to decode

o Notice what bit sequences show up frequentlyo Knowledge of most frequent letters in the

“cleartext” languageSmarter byte-for-byte substitutions

o Group more than two byteso Be sure not to exchange the key over unsecured

connection

13-22

SUMMARIZING THE RSA SYSTEM*• RSA is an Internet encryption and authentication system that

uses an algorithm developed in 1977 by Ron Rivest, Adi Shamir, and Leonard Adleman. The RSA algorithm is the most commonly used encryption and authentication algorithm and is included as part of the Web browsers from Microsoft and Netscape.

• The algorithm involves multiplying two large prime numbers (a prime number is a number divisible only by that number and 1) and through additional operations deriving a set of two numbers that constitutes the public key and another set that is the private key.

13-23*Source: http://searchsecurity.techtarget.com/sDefinition/0,,sid14_gci214273,00.html

A FAULT RECOVERY PROGRAM FOR BUSINESS Keep a full copy of everything written on the system as

of some date and time—full backup Create partial backups—copies of changes since last full

backup After disaster, start by installing the last full backup

copy Re-create state of system by making changes stored in

partial backups, in order All data since last backup (full or partial) will be lost

13-24

BACKING UP A PERSONAL COMPUTERHow and What to Back Upo You can manually backup or get automatic backup software

that writes to an external drive (e.g., flash memory stick, writeable CD, iPod, Time Capsule)

o For manual backups, you do not have to backup data that: can be re-created from some permanent source, like

software was saved before, but has not changed you don’t care about

Recovering Deleted Informationo Backups also protect from accidental deletionso Can save evidence of crime or other inappropriate behavioro Remember that two copies of email are produced when

sender hits send—one in sent mail file and one somewhere else, which the sender probably can't delete

13-25