Major Topics
  Protecting Programs and Data
  Information and the Law
  Rights of Employees and Employers
  Software Failures
  Computer Crime
  Privacy
  Ethical Issues in Computer Security
Relationship to Security
  Relationship of topics discussed to computer security is not always clear
  Legal and ethical issues involving computers are often, not always, security issues
  Example: Ownership of program code
Legal Issues
  Laws provide a framework in which security issues can/must be addressed
  Constraints
    Things you can’t do
  Requirements
    Things you must do
  Frameworks
    Things you can use
Ethical Issues
  Ethics involves generally accepted standards of proper behavior
  Ethical principle – “an objectively defined standard of right and wrong”
  Ethical system – “a set of ethical principles”
  The United States is an ethically pluralistic society
Ethical Principles
  Consequence-based: teleology
    Egoism
    Utilitarianism
  Rule-based: deontology
    Rule-deontology
    Personal
  Professional codes of ethics
Law and Ethics
  It is possible for an action to be legal but not ethical
  It is possible for an action to be ethical but not legal
  What these actions are depends upon the ethical and legal systems used
Law and Security
  Law may specify information that must be kept confidential
    Medical information: HIPAA
    Student information: FERPA
  Law may specify information that must be released
    FOIA – Freedom of Information Act – applies to many government records
Privacy Issues
  Combine legal requirements and social expectations
  Privacy refers to protection/release of personal information
  Confidentiality refers to protection/release of information in general
Personal Story 1: Medical Privacy
  I went for a medical test for osteoporosis.
  The results were shown to me on a computer screen also containing results from other patients.
  Clear violation of HIPAA/other privacy rules
  Not a major problem since I did not recognize/remember any of the names seen.
Personal Story 2: Password Disclosure
  I was setting up a computer display in a database course
  When I signed on to the DB system, my password was displayed.
  So I changed my password.
  Whose fault?
    Mine – I should have checked display.
    DB – It should not have displayed password in clear.
Personal Story 3: Credit Card Theft
  I received a call from local police that my credit card had been found in possession of an apparent credit card thief. (He had lots of stolen cards.)
  I got a new credit card/number.
  No improper charges were made.
  Whose fault:
    Thief – He stole it!
    Mine – I could have kept better track of the card.
Personal Story 4: Another Credit Card Theft
  I received a notification that I was to be sent a new AMEX card and did not get it even though my husband got his.
  AMEX notified me that my card was showing unusual usage patterns.
  Multiple charges were posted that I had not made.
  Card apparently stolen from mailbox.
Personal Story 4 (continued)
  AMEX removed improper charges.
  I received a new card.
  I did not receive any information about eventual outcome of situation.
  Note redundancy in system:
    Mail notification of card issuance.
    Tracking of usage patterns.
Some Privacy Issues
  Identity theft
  Data mining
  Carnivore
  Passport
  Anonymity
  Computer voting
  E.U. Data Protection Act (personal data)
  Gramm-Leach-Bliley (financial information)
  HIPAA (health information)
Software Ownership
  Protecting information about software
  Possible protection mechanisms:
    Trade secret
    Copyright (DMCA)
    Patent
Trade Secret
  Confidential business information
  Must be kept secret
  Coke formula
  Diebold code for DREs
  Trade secrets may be lost
    Independent discovery
    Reverse engineering
Copyright
  Protect expressions of ideas
    But not the ideas themselves
  Limited time period
  Programs may be copyrighted
  DMCA – Digital Millennium Copyright Act
  Copy protection mechanisms
    Sony-BMG XCP
Patents
  Patents protect inventions
    Novel
    Nonobvious
  Computer programs
    Patents allowed since 1981
    Controversial
    Almost 40 years of prior art
Who Owns Software?
  The developer
    Company? Individual?
  Considerations
    Employment contract
    Work for hire
    Relationship to employment
    License
Criminal vs. Civil Law
  Criminal law – actions against the state
    Statutes
  Civil law – actions against individuals/other private entities
    Precedents
  Contract law – actions in violation of a contract
How are Computer Crimes Different from Other Crimes?
  Unfamiliarity of criminal justice system with computers and computer terminology
  Need to deal with intangible and easily copied property