ACTIVITY 7.1 Discuss the following questions, identifying possible reasons and m

Question

ACTIVITY 7.1

Discuss the following questions, identifying possible reasons and motives for the users at both sides of the spectrum:

o    Discuss why users try to break into other user's computers and information systems

o    Discuss why users create viruses.

o    Discuss who owns electronic mail systems, and why they do!

ACTIVITY 7.2

Discuss whether you believe the following are privacy issues:

·         Receiving an email from a friend which was forwarded from your friend's colleague, who had forwarded it to 12 other email addresses, where ALL of the email addresses are visible.

·         Using the technology of Caller ID to either screen callers or have persons know that you are calling.

·         The use of RFID (Radio Frequency Identification) Technology in products. You may first need to conduct basic research on RFID

Explanation / Answer

1. Why users try to break into other user's computers and information systems:

To a hacker, breaking into someone’s computer is simply a challenge. They may not specifically intend to do damage to the computer. The thrill of simply gaining access is often enough. Hackers often try to show off their skills to the world by hacking into government computers, or as revenge against another user or agency. Hackers are indeed as the stereotype depicts them as; youth with a thirst for knowledge.

Here are a few reasons why hackers hack:

1) Some hackers just pick up random ip-address and hack for fun;

2) Some hackers want to steal others information for their own selfish greed;

3) Some hackers just want to see if they have enough experience to hack into some stranger's computer;

4) Some hackers hack people's system to help them out by fixing a computer problem they are dealing with.

2. Why users create viruses:The primary reasons or categories that explain why people create computer viruses and malware.

3. Who owns electronic mail systems, and why they do:

Electronic mail systems are provided by various service providers, employers to the employees, educational institution to its students and staff for fast, effective and safe communication.

Service providers who provide email services to general public do it for the purpose of business, whereas in the case of employers and educational institutions provide emails for secure transmission of confidential information and correspondence.

Privacy issues of email:

Privacy relates to the contents of the email message. If the data contained in the mail is personal or confidential/professional, then sharing the same with others without his contents constitute violation of privacy.

Privacy issues on using the technology of Caller ID:

Caller ID offers the ability to deduce from the telephone number information, which the individual may not have otherwise volunteered to the called party, whether by way of reference to other information sources, or the context or the call itself. For example the town or suburb of a caller can be readily inferred from a phone number. Even more precisely, Caller ID used in conjunction with reverse directories can establish the address of the calling telephone service by reference to the displayed phone number. In addition, the placement of calls to particular organizations, such as retailers, medical centers, or crisis lines, may carry inferences about the caller. The privacy implications of these uses of Caller ID can be compounded in circumstances where organizational receivers do not institute appropriate identification verification procedures, and assume that the person making the call, and the customer whose name they have linked to the received phone number, are the same person.

Caller ID raises some complex problems through the risks it poses to personal privacy, where it applies to existing telecommunications networks and participation is on an opt-out basis. Callers in many situations may not wish the receiver to be able to identify their telephone number. Doctors who call patients from home, customers who call businesses but do not wish to be contacted in the future, and victims of domestic violence are some of the groups who may not want their numbers disclosed. Integrated with other technologies, Caller ID can allow increased collection and use of personal information, without the knowledge of the consumer.

Examples of how Caller ID poses risks to personal privacy include:

Internet Service Providers can include the Caller ID blocking over-ride code in their automated connection/start up kits without telling their customers. This results in users' telephone numbers being transmitted to the ISP even when the user has a silent/unlisted telephone number or has instructed their telephone service provider to place a default block on Caller ID transmissions from their telephone number.

Privacy issues on using the technology of use of RFID

Corporate data security threats:

1.   Corporate espionage threat: Tagged objects in the supply chain make it easier for competitors to remotely gather supply chain data, which is some of industry’s most confidential information. For example, an agent could purchase a competitor’s products from several locations, then monitor the locations’ replenishment dynamics. In some scenarios, they could read tags in a store or even as the merchandise is unloaded. Because tagged objects are uniquely numbered, it’s easier for competi- tors to unobtrusively gather large volumes of data.

2. Competitive marketing threat: Tagged objects make it easier for competitors to gain unauthorized access to customer preferences and use the data in competitive marketing scenarios.

3.    Infrastructure threat: This is not a threat specific to RFID per se. However, a corporate infrastructure that’s de- pendent on easily jammed radio frequency signals makes organizations susceptible to new kinds of denial- of-service attacks. Such attacks could be especially devastating as RFID becomes a mission-critical component of corporate infrastructure.

4.   Trust perimeter threat: Although not specific to RFID, as organizations increasingly share larger volumes of data electronically, the sharing mechanisms offer new opportunities for attack.

Personal privacy threats Most personal privacy threats arise from the fact that tags with unique IDs can be easily associated with a person’s identity:

1. Action threat: In this threat, an individual’s behavior (or possibly his or her intent) is inferred by monitoring the action of a group of tags. Some manufacturers of “smart shelves,” for example, have suggested that the sudden disappearance of tags corresponding to several high-value objects might indicate that a person plans to shoplift, and could result in the person’s photograph being taken. However, said tags might also disappear if the person accidentally knocked the tagged objects to the floor.

2. Association threat: When a customer purchases an EPC- tagged item, the customer’s identity can be associated with the item’s electronic serial number. This threat is fundamentally different than the current practice of associating customer loyalty cards with purchases, be- cause the EPC associates the consumer with a specific item (a unique aspirin package) rather than with a class of items (an aspirin package). Also, unlike with loyalty cards, this type of association can be clandestine and even involuntary.

3.   Location threat: Placing covert readers at specific locations creates two types of privacy threats. First, individuals carrying unique tags can be monitored and their location revealed if the monitoring agency knows the tags associated with those individuals. Second, a tagged object’s location, regardless of who (or what) is carrying it is susceptible to unauthorized disclosure.

4.   Preference threat: With the EPC network, the tag on an item uniquely identifies the manufacturer, the product type, and the item’s unique identity. This exposes otherwise unavailable customer preferences to competitive (and inquisitive) forces at low marginal cost. This is also a value threat if the adversary can easily determine the item’s monetary value. A common example of this threat is a thief who targets victims based on their preferences (such as for high-value RFID-containing watches rather than low-cost ones).

5.   Constellation threat: Regardless of whether individual identity is associated with a tag set or not, the tags form a unique RFID shadow or constellation around the person. Adversaries can use this constellation to track people, without necessarily knowing their identities.

6.   Transaction threat:When tagged objects move from one constellation to another, it is easy to infer a transaction between the individuals associated with those constellations.

7.   Breadcrumb threat: This threat is also a consequence of association. As individuals collect tagged items, they’re building an items database associated with their identity in corporate information systems. When they discard these electronic breadcrumbs, the association between them and the items isn’t bro- ken. The threat arises when discarded breadcrumbs are used, for example, to commit a crime or some other malicious act. The only identity associated with the breadcrumb is that of the original owner, who is liable, at the very least, to be bothered by law enforcement.

The cloning threat

Researchers at Johns Hopkins University and RSA Laboratories recently identified a serious security weak- ness in the RFID tag in Speed pass devices and many automobile immobilizer systems.By demonstrating that such tags could be cloned the researchers revealed the possibility of payment fraud and new modes of automobile theft. Although their discovery doesn’t directly undermine consumer privacy, it demonstrates that RFID tags could have security consequences beyond merely tracking or profiling consumers.

Related Questions

Navigate

• Browse (All)
• Browse A
• Subjects

Integrity-first tutoring: explanations and feedback only — we do not complete graded work. Learn more.