Document Sample
LECTURE NOTES – CHAPTER 12 Powered By Docstoc
					                         CSC 1113 – Introduction to Computers


I.        Privacy and Encryption                                                           CIYF 12.03
Describe the ways in which computer databases and the Internet are combining to erode privacy.
Note that traditional forms of information collection such as telephone surveys and supermarket
club cards are being combined with computer databases to endanger personal privacy.

Compare the terms privacy and encryption. Define privacy as an individual’s ability to restrict
or eliminate the collection, use, and sale of confidential personal information. Explain that
encryption refers to a coding or scrambling process by which a message is rendered unreadable
by anyone except the intended recipient.

Describe identity theft and its impact on peoples’ lives. List the information required to pull off
identity theft, including an address, Social Security number, date of birth, or other seemingly
innocuous bits of data.

Class Exercise: Engage students in a discussion about identity theft. You may find that several
students have had such an experience, or may know someone who has.

Web Link: Refer students to the U.S. Government’s central Web site on identity theft
(www.consumer.gov/idtheft/) for more information.

II.     Privacy in Cyberspace                                                                 CIYF 12.04
A. The Problem: Collection of Information without Consent
Describe the ways in which personal information is collected without consent. Using Figure 12.2,
discuss how electronic databases track and combine information on individuals. Note that in the
United States, individuals have no recourse against those who collect sensitive personal
B. The Internet Factor
Describe how database vendors sell the information they have gathered to many different types
of customers, some who have legitimate reasons for wanting the information, and some who have
wicked intentions.
Web Link: Encourage students to visit the Electronic Privacy Information Center (EPIC) at
www.epic.org/ for more information on privacy issues.
C. Protecting Privacy: Basic Principles
Privacy advocates believe that governments should protect the privacy of their citizens. Describe
the basic human privacy rights afforded to all citizens in the European Union:
Consumers must be informed when information is being collected about them.
Consumers must be allowed to choose whether or not they want to divulge the information.
Consumers must be allowed to remove information about themselves upon request.
Note that U.S. citizens do not enjoy these same rights. Describe some of the various Federal and
state laws that attempt to provide privacy protection in the United States.
CSC 1113 –Introduction to Computers                                                     Page 2
Chapter 12 Lecture Notes
Class Exercise: Lead students in an exercise to create their own declaration of personal privacy
rights. Would they desire the same rights as citizens of the European Union? Are there other
items that should be included in a declaration for the United States?
D. Anonymity
Define anonymity as the ability to convey a message without disclosing your name or identity.
Briefly explain the difference between defamation and libel.

III.      How Is Technology Eroding Privacy and Anonymity?                               CIYF 12.08
Review how technology is enabling various organizations to collect information and defeat the
concept of anonymous speech. List the two technologies that are commonly used, cookies and
global unique identifiers.

A. Cookies

Define cookies as small files that are written to your computer’s hard disk by many of the Web
sites you visit for the purpose of recording information so it is available for future browsing

Explain how ad networks work and describe the use of banner ads. Using the Richard Smith
example, show how DoubleClick, Inc. was able to gather key information about his identity. List
different types of information that can be transmitted to Internet ad networks, including:

        1. Your e-mail address

        2. Your full name

        3. Your mailing address (street, city, state and ZIP code)

        4. Your phone number

        Transactional data

B. Global Unique Identifiers (GUIDs)

Define global unique identifiers (GUIDs) as identification numbers that are generated by a
computer hardware component or a program. Explain how Microsoft’s .NET Passport fits into the
scheme of protecting personal privacy.

Web Link: Encourage students to visit the Microsoft .NET Passport Web site
(www.passport.net) for more information on this new privacy strategy.
Web Link: Refer students to the Web site www.privacy.net/track to see an online demonstration
of how ad banner tracking works.

IV.        Is Self-Regulation Sufficient?                                                CIYF 12.12
Discuss the debate centered on self-regulation within the technology industry. Introduce both
sides of the debate: the marketing industry and consumer advocacy groups.
CSC 1113 –Introduction to Computers                                                          Page 3
Chapter 12 Lecture Notes
Class Exercise: Divide the class into two groups, each representing one side of the debate. Ask
them to work together as a team to create several points in favor of their position. Have each
group nominate a spokesperson who will engage in the debate.
Refer students to the TechTalk margin note to define Web bug.
A. Protecting Your Privacy Online
Review the steps recommended by the U.S. government to safeguard your privacy on the
      1. Browse anonymously by surfing from sites such                     as   The   Anonymizer
      (www.anonymoizer.com) or The Cloak (www.the-cloak.com).
      2. Disable cookies on your Web browser.
      3. Use “throw-away” e-mail addresses.
      4. Tell children not to divulge any personal information online.
      5. Look for a privacy statement before providing personal information on a Web site.
Class Exercise: Demonstrate to students the process for disabling cookies on the Web browsers
in the computer lab.

V.       Privacy at Work                                                                CIYF 12.14
Web Link: Encourage students to find out about online reporting for employers to track their
employees by visiting the Web site www.spectorsoft.com, shown in Figure 12.8.

Discuss the issues around e-mail and Internet privacy at work. Review simple rules for
appropriate conduct at work including telephone, e-mail, and Internet usage.

VI.       The Encryption Debate                                                                CIYF 12.16
A.       Encryption Basics

Define the term encryption. Explain plain text and the use of an encryption key using the
example shown in Figure 12.9. Explain the rot-13 encryption technique for scrambling
characters. Define symmetric key encryption algorithm and encryption algorithm. Review the
commonly used Data Encryption Standard (DES).

B.       The Problem of Key Interception

Define strong encryption as an encryption method that is nearly impossible to break. However,
one can defeat the system not by breaking the code, but by stealing the key. This major
vulnerability of symmetric key encryption is called key interception.

Describe public key encryption and the use of a public key and a private key. Explain how
public key encryption works. Explain the system of Pretty Good Privacy (PGP) and discuss its
strengths and weaknesses.

Web Link: Direct students to visit Public Key Encryption for Dummies
(www.nwfusion.com/news/64452_05-17-1999.html) for an excellent description of the public
key encryption process.

C.       Key Length
CSC 1113 –Introduction to Computers                                                        Page 4
Chapter 12 Lecture Notes
Describe cryptanalysis as another word for code breaking. Explain that one way to break a code
is through the brute force method. Explain how key length can be used to prevent cryptanalysis.

D.      Public Key Encryption Algorithms

Teaching Tip: While much of this information is interesting, it may constitute “information
overload” for some of your students. To keep their attention, make your discussion of the topics
in this section brief.

Very briefly discuss some public key encryption algorithms, including the Diffie-Hellman
algorithm, the RSA encryption algorithm, and Fortezza.

E.      Digital Signatures and Certificates

Relate the use of digital signatures and digital certificates to public key encryption. Define
hash key. Further explain digital certificates defining the terms certificate authority (CA) and
web of trust.

F.      Toward a Public Key Infrastructure (PKA)

Describe why a public key infrastructure (PKI) is important, yet is slow in development.

Discuss some of the issues surrounding the adoption of a public key infrastructure. List and
describe the three alternatives to PKI being proposed by U.S. government agencies: the Clipper
Chip shown in Figure 12.12 which uses a back door, the key escrow plan proposed by the
Clinton administration, and a new back door-based system called key recovery.

Web Link: Students can learn more about cryptography issues by visiting the Web site

Class Exercise: Refer to the Currents section “Navajo Code Talkers.” The following questions
may be posed to lead students in a discussion about the Navajo code talkers:

        1. Do you think there are any spoken languages today that could serve the same function
        as the Navajo language in 1942?

        2. Do you think computer message encryption will stand the test of time? Why or why

        3. The Navajo code talkers could only protect messages during transmission. Discuss the
        ways a computer message might be captured or compromised before or after the
        encryption/decryption cycle.

G.      Public Security Issues of Strong Encryption

Discuss export restrictions that are in place surrounding encryption algorithms and the reasons for
their existence.

Class Exercise: In the aftermath of September 11, 2001, there were calls in the U.S. Congress to
outlaw public key encryption. Prior to that, Louis J. Freeh, Director of the FBI, said the honest
CSC 1113 –Introduction to Computers                                                      Page 5
Chapter 12 Lecture Notes
have nothing to hide, and only criminals would use encryption. Lead the class in a discussion of
the implications of this statement.

Describe the Clipper Chip, key escrow plan and key recovery alternatives to public key
encryption proposed by U.S. government agencies.

H. The Academic Angle

Explain the copyright management infrastructure (CMI) and the Digital Millennium Copyright
Act (DMCA).

Web Link: For current information about the field of cryptographic research, encourage students
to visit The International Association of Cryptographic Research (www.iacr.org/).

Describe the situation of encryption technologies outside of the United States.

Class Exercise: Refer students to the Impacts section “Is the Government Watching You?” The
following questions may be posed to lead students in a discussion of Echelon:

        1. Do you think Echelon or something similar exists? Make arguments for and against its

        2. Should we fear the National Security Agency? Are you concerned about your right to
        privacy? Are you willing to give up some of your electronic communications privacy so
        that those who would harm us can be thwarted or caught?

        3. Assume Echelon exists. How will you modify your electronic communications

VI.        CHAPTER REVIEW                                                                CIYF 12.31
Web Link: Refer students to www.prenhall.com/ciyf2004 for a review of the chapter, to answer
the questions, and to complete the exercises and Web research questions.

Takeaway Points:

Ask students to recall the objectives identified at the beginning of this lesson. Tie the initial
objectives with the essential lecture points that met the objectives.

Objective: Explain the threat to privacy posed by the sale of sensitive personal information on
the Internet. Because the United States has no comprehensive Federal regulations protecting an
individual’s privacy, highly sensitive personal information, such as Social Security numbers, is
now for sale on the Internet. Many Web sites collect personal information without informing their

Objective: Define anonymity and discuss how it can be abused. Anonymity refers to the ability to
convey a message without disclosing one’s name or identity. We hold anonymity as a personal
freedom in the United States, but anonymity may free people from accountability, and they may
abuse the privilege of anonymous speech. Using the cloak of anonymity, someone may injure
another’s reputation by making false and malicious statements. Anonymous communications can
also be used to threaten and harass, or to spread false and misleading information.
CSC 1113 –Introduction to Computers                                                          Page 6
Chapter 12 Lecture Notes
Objective: Describe how technological developments are eroding privacy and anonymity.
Computers and the Internet enable marketing firms, snoops, and government officials to harness
all the power of technology in order to collect information in ways that are hidden from the user’s
view. For example, cookies are small files that are written to your computer’s hard disk by many
of the Web sites you visit. Cookies provide Web sites with a way of recording information so that
it is available for future browsing sessions at the same site. A global unique identifier (GUID) is a
unique identification number that is generated by a computer hardware component or a program.
Privacy advocates say that GUIDs make anonymous usage of the Internet more difficult, if not

Objective: Explain the reasons why many employers feel that they need to monitor their
employees’ computer usage. Because large U.S. employers want to make sure that they’re getting
their money’s worth from employees, many of them routinely monitor employees’ phone calls, e-
mail, Web browsing habits, and computer files. Companies are concerned about potential sexual
harassment lawsuits and employees who offer trade secrets to competitors.

Objective: State why U.S. security officials believe public-key encryption poses a threat to U.S.
security, both foreign and domestic. Public key encryption uses two different keys: an encryption
key (called the public key) and a decryption key (called the private key). People who wish to
receive secret messages publish their public key. When the public key is used to encrypt a
message, the message becomes unreadable. The message becomes readable only when the
recipient applies his or her private key, which nobody else knows. U.S. security agencies fear that
public key encryption will prevent them from detecting the activities of terrorists, drug dealers,
and organized crime syndicates.

Objective: Describe the U.S. government’s proposed key recovery plan and explain why it
threatens the growth of Internet commerce. Key length is the term used to describe the length (in
bits) of an encryption key. The longer the key, the stronger the encryption. A key length of 40 bits
is highly vulnerable to brute force attack; a key length of 56 bits was formerly thought to be
reasonably safe for Web shopping and other non-military or non-banking exchanges. However,
safe electronic commerce requires a key length of at least 128 bits. A public key infrastructure
(PKI) is a uniform set of encryption standards that specify how public key encryption, digital
signatures, and CA-granted digital certificates should be implemented in computer systems and
on the Internet. Although there are numerous contenders, no dominant PKI has emerged.
Encryption software containing key recovery features would enable investigators to read secret
messages, but financial institutions fear that these features would open security holes.