Legal and Ethical Aspects - Integrated Computer Security - Lecture Slides, Slides of Computer Security

Download Legal and Ethical Aspects - Integrated Computer Security - Lecture Slides and more Slides Computer Security in PDF only on Docsity! Lecture 20 Legal and Ethical Aspects Docsity.com Legal and Ethical Aspects • touch on a few topics including: – cybercrime and computer crime – intellectual property issues – privacy – ethical issues Docsity.com Intellectual Property Docsity.com Copyright • protects tangible or fixed expression of an idea but not the idea itself – is automatically assigned when created – may need to be registered in some countries • exists when: – proposed work is original – creator has put original idea in concrete form – e.g. literary works, musical works, dramatic works, pantomimes and choreographic works, pictorial, graphic, and sculptural works, motion pictures and other audiovisual works, sound recordings, architectural works, software-related works. Docsity.com Copyright Rights • Copyright owner has these exclusive rights, protected against infringement: – Reproduction right: lets the owner make copies of a work. – Modification right: (the derivative-works right), concerns modifying a work to create a new or derivative work. – Distribution right: lets the owner publicly sell, rent, lease, or lend copies of the work. – Public-performance right: applies mainly to live performances. – Public-display right: lets the owner publicly show a copy of the work directly or by means of a film, slide, or television image. Docsity.com Intellectual Property Issues • software programs – protect using copyright, perhaps patent • algorithms – may be able to protect by patenting • database content and arrangement – protect using copyright • digital content audio / video / media / web – protect using copyright Docsity.com U.S. Digital Millennium Copyright ACT • DMCA • implements WIPO treaties to strengthen protections of digital copyrighted materials • encourages copyright owners to use technological measures to protect their copyrighted works, including: – measures that prevent access to the work – measures that prevent copying of the work • prohibits attempts to bypass the measures – have both criminal and civil penalties for this Docsity.com DMCA Exemptions • certain actions are exempted from the DMCA provisions: – fair use – reverse engineering – encryption research – security testing – personal privacy • considerable concern exists that DMCA inhibits legitimate security/crypto research Docsity.com DRM Svstem Architectire Systems interface Security | |Authentication|| Billing Deli Eneryption} | Authorization | |Payments envery Privacy • overlaps with computer security • have dramatic increase in scale of info collected and stored – motivated by law enforcement, national security, economic incentives • but individuals increasingly aware of access and use of personal / private info • concerns on extent of privacy compromise have seen a range of responses Docsity.com EU Privacy Law • European Union Data Protection Directive was adopted in 1998 to: – ensure member states protect fundamental privacy rights when processing personal info – prevent member states from restricting the free flow of personal info within EU • organized around principles of: – notice, consent, consistency, access, security, onward transfer, enforcement Docsity.com Privacy and Data Surveillance * Contains associative memory index (AMI) * Update in real time Nia | | —] User query > (Cross-source Pie privacy a ] « Response sppiance Independently operated Government owned * Authentication * Selective revelation ¢ Authorization * Data transformation * Anonymization * Policy is embedded * Immutable audit trail * Create AMI * Inference checking Docsity.com Ethical Issues • have many potential misuses / abuses of information and electronic communication that create privacy and security problems • ethics: – “a system of moral principles relating benefits and harms of particular actions to rightness and wrongness of motives and ends of them” • ethical behavior here not unique • but do have some unique considerations – in scale of activities, in new types of entities Docsity.com Ethical Hierarchy Docsity.com Codes of Conduct • ethics not precise laws or sets of facts • many areas may present ethical ambiguity • many professional societies have ethical codes of conduct which can: – be a positive stimulus and instill confidence – be educational – provide a measure of support – be a means of deterrence and discipline – enhance the profession's public image Docsity.com Codes of Conduct • see ACM, IEEE and AITP codes • place emphasis on responsibility other people • have some common themes: – dignity and worth of other people – personal integrity and honesty – responsibility for work – confidentiality of information – public safety, health, and welfare – participation in professional societies to improve standards of the profession – the notion that public knowledge and access to technology is equivalent to social power Docsity.com Summary • reviewed a range of topics: – cybercrime and computer crime – intellectual property issues – privacy – ethical issues Docsity.com