Class 7

LBSC 690

Information Technology

Social Issues& Control of Information

Agenda

• Questions

• Computing for social purposes

• Computing as a social process

• Complex systems

Two Types of Social Issues

• Computers are used for social purposes– CSCW, email, chat rooms, etc.

• Computers are used by people, so:– Individuals and organizations may adapt -social

and economic impact– Organizations establish rules and procedures– Technology can be directed to achieve social

objectives• Fair access, privacy, control information

Computing for Social Processes• Email, NetMeeting, etc.

– The invisible college, personal email

• Virtual communities– Mailing lists, USENET news, Chat rooms

• CSCW

• Educational computing– Computer assisted instruction, distance education

• Social interaction– Computer dating

Limiting the Use of Computing/IT• Variety of justifications

– Parental control• Web browsing software, time limits

– Intellectual property protection• Copyright, trade secrets

– National security• Classified material

– Censorship

Techniques for Limiting Use

• Access control– Effective multilevel security is hard to achieve

• Copy protection– Hardware and software

• Licensing– Shrink-wrap, Shareware, GNU Public license

• Digital watermarks– Provide a basis for prosecution

Anonymity

• Serves several purposes– Sensitive issues on discussion groups– Brainstorming– Whistleblowers– Marketing (“Spam”)

• Common techniques– Anonymous re-mailers– Pseudonyms

Nettiquite

• Mailing lists and USENET News– “Emily Postnews” on comp.announce.newusers

• Some simple guidelines– Send private replies unless a public one is needed– Limit business uses to appropriate venues– Don’t send unsubscribe requests to the list– Read the FAQ before asking one– Avoid things that start “flames” unless you intend

to

Computing/IT as a Social Process

• Programs must implement social norms– Ownership– Identity– Integrity– Privacy

• Two basic techniques are used– Authentication– Encryption

Ownership• Who has the right to use a computer?

• Who establishes this policy? How?– What equity considerations are raised?

• Can someone else deny access?– Denial of service attacks

• How can denial of service be prevented?– Who can gain access and what can they do?

Identity

• Establishing identity permits access control

• What is identity in cyberspace?– Attribution

• When is it desirable?

– Impersonation• How can it be prevented?

• Forgery is really easy– Just set up your mailer with bogus name and email

Authentication

• Used to establish identity

• Two types– Physical (Keys, badges, cardkeys, thumbprints)– Electronic (Passwords, digital signatures)

• Protected with social structures– Report lost keys– Don’t tell anyone your password

• Password sniffers will eventually find it

Good Passwords

• Long enough not to be guessed– Programs can try every combination of 4 letters

• Not in the dictionary– Programs can try every word in a dictionary– And every date, and every proper name, ...– And even every pair of words

• Mix upper case, lower case, numbers, etc.

• Change it often and use one for each account

Integrity

• How do you know what’s there is correct?– Attribution is invalid if the contents can change

• Access control would be one solution– No system with people has perfect access control

• Risks digest provides plenty of examples!

• Encryption offers an alternative

Privacy

• What privacy rights do computer users have?– On email?– When using computers at work? At school?– What about your home computer?

• What about data about you?– In government computers?– Collected by companies and organizations?

• Does obscurity offer any privacy?

Encryption• Separate keys for writing and reading

– Pretty Good Privacy (PGP) is one “standard”

• Identity– “Digital signature” from a private write key

• Integrity– Public read key will decode only one write key

• Privacy– Either write key or read key can be kept secret

Cookies• Web servers know a little about you

– Machine, prior URL, browser,

• From this they can guess a little more– Path you followed, who is on that machine

• Cookies allow them to remember things– They send you a string and your browser stores it– If they ask for the string, your browser provides it– The string can represent identity and/or information

Copyright• Intellectual property - patents, trademarks,

copyright

• Copyright is the “right to make copies”

• The expression of the intellectual content is copyrighted -- not the idea itself

• Copyright procedures– no longer a need to register– life + 75 years

• Some key concepts– Fair use– First sale

Access Control Issues• Protect system administrator access

– Greater potential for damaging acts– What about nefarious system administrators?

• Trojan horses– Intentionally undocumented access techniques

• Firewalls– Prevent unfamiliar packets from passing through– Makes it harder for hackers to hurt your system

Denial of Service Attacks• Viruses

– Platform dependent– Typically binary

• Virus checkers– Need frequent updates

• Flooding– The Internet worm– Chain letters

Policy Solutions• Five guidelines

– Establish policies– Authenticate– Authorize– Audit– Supervise

• CSC Acceptable Use Policy

Crisis Management

• Computer Emergency Response Team– Issues advisories about known problems– Need to make sure these reach the right people

• Information Warfare– We depend on our information infrastructure– How can we prevent attacks against it?

• Hacking is individual, this would be organized

– Policy for this is still being worked out

Complex System Issues

• Critical system availability– Who needs warfare - we do it to ourselves!

• Understandability– Why can’t we predict what systems will do?

• Nature of bugs– Why can’t we get rid of them?

• Audit-ability– How can we learn to do better in the future?

Social and Economic Impact

• Many important social institutions (e.g, libraries, government, schools) are based on managing the flow of information

• End of privacy, end of money ???

• “Content is king”