COMP 1950 KeyWords

6-9. According to Steve Levy, what are the six "principles" of the "hacker code of ethics?"

1. Access to computers should be unlimited and total. 2. All information should be free. 3. Mistrust Authority - Promote Decentralization. 4. Hackers should be judged by their hacking, not by bogus criteria such as degrees, age, race, or position. 5. You can create art and beauty on a computer. 6. Computers can change life for the better.

8-19. What is meant by the expression "information commons"?

A body of knowledge and information that is available to anyone to use, providing any conditions placed on its use are respected.

6-8. What is meant by the expression "hacker code of ethics"?

A set of principles that "early computer hackers" would have followed.

5-3. Describe some important characteristics that differentiate "accessibility privacy," "decisional privacy," and "informational privacy."

Accessibility Privacy: freedom from intrusion into one's physical space. Decisional Privacy: freedom from interference in one's choices and decisions Informational Privacy: control over the flow of one's personal information, transfer and exchange

5-4. How does James Moor's theory of privacy combine key elements of "accessibility," "decisional," and "informational" privacy? What does Moor mean by a "situation," and how does he distinguish between "natural privacy" and "normative privacy"?

According to Moor: "an individual has privacy in a situation if in that particular situation the individual is protected from intrusion, interference, and information access by others." situation can be an activity, a relationship, or the storage and access of information in a computer or on the internet. Natural Privacy happens as a result of a situation. (lost) Normative Privacy is privacy that one has a right to going into a situation. (violated)

6-20. How has the information security landscape become increasingly "de-perimeterized," and what additional challenges does this factor pose for risk analysis models?

According to Pieters and van Cleeff, IT security has become de-perimeterized due to the following trends: Many organizations now outsource their information-technology processes: Many employees expect to be able to work from home: Mobile devices make it possible to access data from anywhere: "Smart buildings" are being equipped with small microchips that allows for constant communication between buildings and their headquarters.

7-7. What are the objectives of the Certified Ethical Organization (CEH)?

According to the Certified Ethical Hacker Web site: The goal of the ethical hacker is to take preemptive measures against malicious attacks by attacking the system himself: all the while staying within legal limits... an ethical hacker is very similar to a penetration tester... when it is done by request and under a contract between an ethical hacker and an organization, it is legal.

6-6. How do security issues in cyberspace raise ethical concerns?

An ethical analysis of cybersecurity issues needs to consider whether an appropriate balance can be found in preserving both: 1. Adequately secure computer systems. 2. Autonomy and privacy for computer users.

5-18. Describe some of the voluntary controls and self-regulation initiatives that have been proposed by representatives from industry and e-commerce. Are they adequate solutions?

An industry- backed initiative called TRUSTe was designed to help ensure that websites adhere to the privacy policies that they advertise. Critics have pointed out some of the difficulties involving TRUSTe. For example, the amount of information users are required to provide can easily discourage them from carefully reading and understanding the Terms of Service agreement.

8-1. What is intellectual property?

An intangible form of property that is protected by a system of laws such as patents, copyrights, trademarks, and trade secrets, through which authors and inventors are given ownership rights over their creative works.

8-15. How does the personality theory of property differ from both the labor and the utilitarian property theories?

An intellectual object is an extension of the creator's personality, therefore, they should be given legal control over it, even if they lack the financial motivation to do so.

7-15. What are biometric technologies, and how are they used in fighting cybercrime?

Biometrics can be defined as the biological identification of a person, which includes eyes, voice, hand prints, finger prints, retina patterns, and handwritten signatures. These can be used to detect forgeries and to identify cyber criminals directly.

7-20. What is WikiLeaks, and why is it controversial?

By 2010, WikiLeaks had released thousands of controversial documents, in redacted form, which included the following three items: 1. A video of a U.S. helicopter attack in which the crew members allegedly fired on and killed innocent civilians, in addition to enemy soldiers: 2. Two large scale documents involving the Iraq and Afghanistan Wars: 3. Several U.S. State Department diplomatic cables

6-5. What is cloud computing, and what challenges does it pose for securing one's personal information in cyberspace?

Cloud Computing: A model for enabling ubiquitous, convenient, on-demand network access to a shared pool of configurable computing resources (e.g., networks, servers, storage applications, and services). Issues: 1. Users have very little control over or direct knowledge about how their information is transmitted. 2. If the host company goes out of business, what happens to the users' data? 3. Can the host deny a user access to his/her own data? 4. Who actually owns the data that is stored in the cloud?

5-11. Describe the technique known as computerized matching? What problems does it raise for personal privacy?

Computerized Matching is a technique that cross-checks information in two or more databases that are typically unrelated to produce "matching records" or "hits." Consider a scenario where your mail is matched (and opened) by authorities trying to catch criminals suspected of communicating with your neighbors.

5-10. Explain computerized merging. Why is it controversial from the perspective of personal privacy?

Computerized Merging is a technique of extracting information from two or more unrelated databases and incorporating it into a composite file. If you give certain information about yourself to several different organizations, you authorize each organization to have specific information about you. However, it does not follow that you thereby authorize any one organization to have some combination of that information.

5-8. What are Internet cookies, and why are they considered controversial from the perspective of personal privacy?

Cookies are files that websites send to and retrieve from the computers of web users. Information about one's online browsing preferences can be "captured" whenever a person visits a website. This exchange typically occurs without a user's knowledge and consent.

8-5. Describe some of the key differences in the four legal schemes designed to protect intellectual property: copyrights, patents, trademarks, and trade secrets.

Copyrights allow someone exclusive commercial control over their intellectual property. Patents offer a 20-year exclusive monopoly over an expression or implementation of a protected work. A Trademark is a word, name, phrase, or symbol that identifies a product or service. A Trade Secret consists of information that is highly valuable and considered crucial in the operation of a business or other enterprise.

7-5. What is meant by "active defense hacking" or "counter hacking"?

Counter hacking has been done by both individuals and corporations. Counter hacking attacks are typically directed against those suspected of originating the hacker attacks. Counter hacking can either be preemptive or reactive. Preeemptive hacking is more difficult to defend.

7-12. How can we distinguish between genuine cyber-crimes and "cyber-related" crimes?

Cyber-related crimes can be carried out with or without the use of cybertechnology.

7-13. How might we distinguish between cyber-related crimes that are "cyberexacerbated" and those that are "cyberassisted"?

Cyberexacerbated: Cybertechnology plays a very significant role. Cyberassisted: A computer assists in a way that is trivial and possibly irrelevant.

7-11. Identify and briefly describe the three categories of "genuine cybercrime" that we examined.

Cyberpiracy: Using cybertechnology in unauthorized ways to copy/distribute proprietary information/software (in digital form) across a computer network. Cybertrespass: Using cybertechnology to gain or to exceed unauthorized access to an individual's or organization's computer system, or a password-protected web site. Cybervandalism: Using cybertechnology to unleash one or more programs that disrupt the transmission of electronic information across one or more computer networks, including the internet, or destroy data resident in a computer or damage a computer system's resources, or both.

7-19. What problems do issues of jurisdiction pose for understanding and prosecuting crimes committed in cyberspace?

Cyberspace has no physical boundaries. As a result, it is difficult to determine who controls what.

6-13. What, exactly, is cyberterrorism?

Cyberterrorism covers a range of politically motivated hacking operations intended to cause grave harm that can result in either loss of life, severe economic loss, or both.

5-12. What is data mining, and why is it considered controversial?

Data Mining involves the indirect gathering of personal information via an analysis of implicit patterns discoverable in data. There is a tendency to presume that personal information generated by or acquired via data mining techniques must be by default be public data, rather that confidential or intimate.

6-4. Identify and briefly describe the key distinguishing features separating data security, system security, and network security.

Data Security: Unauthorized access to data, which is either resident in or exchanged between computer systems. System Security: Attacks on system resources (such as computer hardware, operating system software, and application software) by malicious computer programs. Network Security: Attacks on computer networks, including infrastructure of privately owned networks and the Internet itself.

8-7. What is the DMCA, and why is it controversial?

Digital Millennium Copyright Act: Anti circumvention clause, which prohibits development of software or hardware that circumvents (or devises a technological workaround) to copyrighted digital media. Some state DMCA laws may be exceeding the conditions of the federal DMCA.

8-21. What are PIPA and SOPA, and why are they controversial?

Enforce copyright protection online. However they would also allow the US government, as well as any major corporation, to shut down websites they suspected of copyright infringement, without going through the traditional trial/court process.

8-13. Describe the rationale behind the labor theory of property. Is it a plausible philosophical theory when used to justify intellectual property rights? Locke

Entitlement to the fruits of your labor. It is not a plausible theory, as intellectual property is nonexclusionary, and thus not scarce. It also doesn't always require some kind of onerous toil that goes with producing tangible goods. Others say property is a man-made right rather than a natural right, as the theory suggests.

7-17. What is "entrapment on the Internet," and why has is it been controversial?

Entrapment on the internet is a form of sting operation. A critical question from the view of many civil libertarians is whether the ends justify the means.

8-8. What is the principle of fair use?

Every author or publisher may make limited use of another person's copyrighted work for purposes such as criticism, comment, news, reporting, teaching, scholarship, and research.

8-16. What is the Free Software Foundation, and what does it advocate?

Four "freedoms" are essential for free software. These include freedom to: 1. Run the program, for any purpose. 2. Study how the program works, and adapt it for your needs. 3. Redistribute copies so you can help your neighbor. 4. Improve the program, and release your improvements to the public so that the whole community benefits.

5-14. What is meant by "privacy in public"? Describe the problem of protecting personal privacy in public space.

Generally, information that is easily acquirable in a public setting is not considered private, regardless of how personal it may be.

7-9. What, exactly, is cybercrime?

Girasa (2002) defines "cybercrime" as: A generic term covering a multiplicity of crimes found in penal code or legislation having the "use of computer technology as its central component."

8-17. What is GNU?

Gnu's Not Unix: To develop an entire Unix-like operating system, complete with system utilities, that was "open" and freely accessible.

6-7. Who are computer hackers, and how has the term "hacker" evolved?

Hackers: Individuals and groups that launch malicious programs of various kinds are commonly described in the media as hackers. Many computer scientists are unhappy with how the word "hacker" has come to be used in the media. Many people who are now identified in the media as hackers are neither brilliant nor accomplished computer experts. "Early computer hackers" have been described as individuals who aimed at accessing computer systems to see how they worked, and not to cause any harm to those systems.

6-14. What is meant by "hacktivism"? How is it distinguished from traditional computer hacking?

Hacktivism: The convergence of political activism and computer hacking techniques to engage in a new form of civil disobedience.

7-3. Why do many in the computer community oppose the use of "hacker" to describe cybercriminals?

Himanen (2001) notes that the term "hacker" originally applied to anyone who: 1. Programmed enthusiastically. 2. Believed that information sharing is a powerful positive good."

7-14. What is identity theft, and how has it been exacerbated by cybertechnology?

Identity theft is a crime in which an imposter obtains key pieces of personal information, such as Social Security or driver's license number, in order to impersonate someone else. Factors such as lax security and carelessness involving computer databases has made it easy for some identity thieves to acquire personal information about their victims via the use of cybertechnology

6-16. What is meant by "information warfare"?

Information Warfare: Operations that target or exploit information media in order to win some objective over an adversary.

6-17. How can information warfare be distinguished from cyberterrorism?

Information warfare is typically done militarily by one country to another. Cyberterrorism is usually done by a group or individual not connected to a particular government.

8-2. How is intellectual property different from tangible property?

Intellectual property, e.g. software, unlike tangible property, is nonexclusionary, meaning that more than one person can have copies of it, without it actually being their property. One cannot own an idea in the same way that they can own a physical object. Ownership rights simply apply to the control of physical manifestations or expressions of said object.

8-18. What is the Open Source Initiative, and how is it different from the Free Software Movement?

It permits programmers to alter open source software and release it as a proprietary product. FSF required that all derivative pieces of software be nonproprietary.

7-16. How have packet-sniffing programs and keystroke-monitoring technologies assisted law enforcement authorities in fighting cybercrime?

Keystroke-monitoring software can trace the text in electronic messages back to the original sequence of keys and characters entered at a user's computer keyboard. It is especially useful in tracking the activities of criminals who use encryption to encode their messages. Packet-sniffers monitor data traveling between networked computers.

5-16. Why does online access to public records pose problems for personal privacy?

Making certain information easier to access also makes it easier to abuse.

6-15. Can "hacktivist activities" be justified on the grounds of civil disobedience toward unjust laws?

Manion and Goodrum claim that for an act to qualify as "civilly disobedient" it must satisfy the following conditions: 1. No damage done to persons or property. 2. Nonviolent. 3. Not for personal profit. 4. Ethical motivation. 5. Willingness to accept personal responsibility for the outcome.

6-18. How might our understanding of cybersecurity be enhanced by using models of risk analysis?

Many of the ethical issues surrounding computer security are not trivial. They have implications for public safety that can result in the deaths of significant numbers of persons. So, it is not clear that all computer security issues can be understood simply in terms of the risk analysis model advocated by Schneier.

8-10. How is the principle of fair use threatened by recent changes to copyright law?

Many works that were previously about to enter the public domain, and thus be more open to the public, had their copyright protection extended, placing them under stricter control. Anti-circumvention gives some companies control over their potential competition.

8-11. How were some controversies in the Napster dispute anticipated in the La Macchia incident (involving Cynosure) at MIT in the mid-1990s?

Napster, like LaMacchia, did not facilitate the distribution of software. It simply acted as a forum for people to distribute software among each other.

5-13. What is the difference between PPI and NPI?

Non-Public Personal Information refers to sensitive information such as one's financial and medical records. There is some legal protection here. Public Personal Information is non-confidential and non-intimate in character, and is generally not legally protected.

8-9. What is the principle of "first sale" with respect to copyright law?

Once the original work has been sold for the first time, the original owner loses property rights over the previously protected work.

5-17. What are privacy-enhancing technologies (PETs)? How is their effectiveness challenged by concerns related to (user) education and informed consent?

PETs are tools that users can employ to protect: 1. Their personal identity, while navigating the web. 2. The privacy of their communications sent over the internet. Two challenges involving PETs with respect to ordinary users include: 1. Educating ordinary users about the existence of these tools. 2. Preserving the principle of informed consent for users who opt for these tools.

7-2. Can we construct a profile of a "typical cybercriminal"?

Parker (1998) distinguishes between "hackers" (as "amateur" criminals) and professional criminals. Parker claims that computer hackers, unlike most professional criminals, tend: 1. Not to be motivated by greed. 2. To enjoy the "sport of joyriding." He describes "typical computer hackers as exhibiting three common traits: 1. Precociousness. 2. Curiosity. 3. Persistence.

8-12. What are the arguments for and against protecting software with patents?

Patent law requires that inventions satisfy three conditions: 1. Usefulness. 2. Novelty. 3. Nonobviousness.

6-2. How can cybersecurity concerns be differentiated from issues in cybercrime?

Privacy-related concerns often arise because users are concerned about losing control over ways in which personal information about them can be accessed by organizations (especially by businesses and government agencies), who claim to have some legitimate need for that personal information in order to make important decisions. This is not the case with security-related concerns, which typically arise because of: 1. Fears that many individuals and organizations have that their data could be accessed by those who have no legitimate need for, or tight to, such information. 2. Worries that personal data or proprietary information, or both, could be retrieved and possible altered by individuals and organizations who are not authorized to access that data.

8-14. What is the utilitarian theory of property? Can it justify the protection of software?

Property rights are artificial rights devised by the state to achieve certain ends. Utilitarians tend to appeal to a financial incentive as a necessary motivation for bringing creative works into the marketplace. Not everyone wishes to benefit financially from their intellectual property.

5-9. What is RFID technology, and why is it a threat to privacy?

RFID (Radio Frequency Identification) consists of: 1. A tag, which has an electronic circuit, which stores data, and an antenna that broadcasts data by radio waves in response to a signal from: 2. A reader, which contains an antenna that receives the radio signal, and demodulator that transforms the analog radio into suitable data for any computer processing that will be done. RFID technology can be used to track an individual's location in the off-line world.

8-22. What is RWA, and how did it influence "The Cost of Knowledge" Boycott?

Replace the National Institute of Health's public access policy. It would restrict online access to important health information.

5-7. What does Roger Clarke mean by "dataveillance"? Why do dataveillance techniques threaten personal privacy?

Roger Clarke uses the term to capture two techniques made possible by cybertechnology: surveillance (data monitoring), and data-recording. Both of these are usually done without the knowledge of consent of users.

6-19. Identify the five elements that Bruce Schneier recommends for assessing risk in the context of cybersecurity.

Schneier believes that risk can be understood and assessed in terms of the net result of the impacts of five elements: 1. Assets 2. Threats 3. Vulnerabilities 4. Impact 5. Safeguards

5-15. Why are certain aspects and uses of Internet search engines controversial from a privacy perspective?

Search Engines can be used to: 1. Acquire personal information about individuals. 2. Reveal to search facilities data about which websites you have visited.

6-3. How are cybersecurity issues similar to and different from privacy issues affecting cybertechnology?

Similar: Note that many people wish to control information about themselves, including how that information is accessed by others. Because securing personal information stored in computer databases is an important element in helping individuals to achieve and maintain their privacy, the objectives of privacy would seem compatible with (and complimentary to) security. Different: When cyberethics issues are examined from the perspective of security in cyberspace, the goals of protecting anonymity and individual autonomy seem less important than when cyberethics concerns are analyzed from the vantage-point of personal privacy.

8-4. Describe the difficulties that arose in determining whether computer software (as a kind of intellectual object) should be eligible for the kinds of legal protection (i.e., copyrights and patents) that are typically granted to authors and inventors of creative works.

Software, which consists of lines of programming code, is not exactly expressed, or "fixed," in a tangible medium as literary works are. A program's code also takes many forms: source code, object code, and final executable code. They also resemble algorithms, which, like mathematical ideas, are not typically eligible for patent protection.

7-6. Can "counter hacking" be justified on either legal or ethical grounds?

Some hackers use the computers of innocent persons as host computers to initiate their attacks. These computers would end up being targeted instead of the computers that actually initiated the attack.

8-3. What is meant by the expression "intellectual object"?

Some philosophers use the expression "intellectual object" when referring to forms of intellectual property.

7-8. Can CEH's practices be justified on ethical grounds, even if they happen to be legal?

Some who defend preemptive acts of counter hacking believe that they can be justified on utilitarian grounds. For example, they argue that less overall harm will likely result if preemptive strikes are allowed.

8-6. What is the SBCTEA, and why is it controversial?

Sonny Bono Copyright Term Extension Act: Added 20 years to the length of copyright protection. Critics noted that the law was passed just in time to keep Mickey Mouse from entering the public domain, and that the Disney Corporation lobbied very hard for it's passage.

6-10. Describe and briefly evaluate the argument used by some hackers, who assert that "information wants to be free."

Spafford notes that if information were free: 1. Privacy would not be possible because we would not be able to control how information about us was collected and used. 2. It would not be possible to ensure integrity and accuracy of that information.

6-11. Assess the argument that (non-malicious) hackers can provide society with a valuable service. Is it a plausible argument?

Spafford provides counterexamples: 1. Would we permit someone to start a fire in a crowded shopping mall in order to expose the fact that the mall's sprinkler system was not adequate? 2. Would you be willing to thank a burglar who successfully broke into your house, showing you that your security system was inadequate?

5-20. Describe some principles included in the EU Directive on Data Protection. What do you believe to be some of the strengths and weaknesses of those principles when compared to privacy laws in America?

The EU Directive was designed to prevent the flow of sensitive information to countries with less secure information infrastructure.

7-18. What is the Patriot Act, and why is it controversial?

The Patriot Act is an extension of the Foreign Intelligence Surveillance Act (FISA), which established legal guidelines for federal investigations of foreign intelligence targets. The Patriot Act amended FISA to permit domestic surveillance as well. Some applaud the enhanced domestic surveillance provisions made possible by the Patriot Act. Others fear that the government's increased powers to conduct "sneak and peek" operations will have overall negative consequences for a nation that values both freedom and the presumption of innocence.

6-1. What do we mean by "computer security" or "cybersecurity"?

The expressions Computer Security and Cybersecurity generally refer to computer/cyber-related concerns affecting: 1. Reliability 2. Availability 3. System Safety 4. Data Integrity 5. Confidentiality 6. Privacy

7-1. How did the popular media's portrayal of computer-related crimes carried out in the 1970s and 1980s romanticize the behavior of some individuals who engaged in these activities?

The media has often described computer criminals as "hackers." The media also sometimes portrayed hackers in the early days of computing as "heroes", e.g. the lead character in the movie War Games.

8-20. What is the Creative Commons (CC) Initiative?

The principal aim of this organization is to provide creative solutions to problems that current copyright laws pose for sharing information.

5-19. What are some of the criticisms of U.S. privacy laws such as HIPAA and the Privacy Act of 1974?

The privacy Act of 1974 contained far too many loopholes, and HIPAA only provides privacy protection for medical records.

6-12. Describe the argument that some hackers use to show that hacking causes only virtual harm, not real harm.

This argument commits a logical fallacy known as the virtuality fallacy.

7-4. Can a meaningful distinction be drawn between hacking and "cracking"?

Unlike many traditional hackers, crackers typically engage in acts of theft and vandalism once they gain access to a computer. Some use the terms "white hat hacker" and "black hat hacker" to distinguish between hackers and crackers respectively.

7-10. How can a coherent definition of cybercrime be framed?

We define a genuine cybercrime as a crime in which the criminal act can: 1. Be carried out only through the use of cybertechnology. 2. Take place only in the cyber realm.

5-1. Identify and briefly describe four ways in which the privacy threats posed by cybertechnology differ from those posed by earlier technologies.

amount, speed,duration, kind of

5-5. Why is privacy valued? Is privacy an intrinsic value or is it an instrumental value? Explain.

does not appear to have intrinsic worth. But more than merely an instrumental value. necessary for achieving trust and friendship.

5-6. Is privacy a social value, or is it simply an individual good?

privacy debate in terms of privacy as a social value (essential for democracy), as opposed to an individual good, the importance of privacy is better understood.

5-2. What is personal privacy, and why is privacy difficult to define?

something that can be diminished (repository of information -> eroded) sometimes also zone that can be intruded upon or invaded. sometimes in terms of concerns affecting the confidentiality of information, which can be breached or violated.