View
216
Download
0
Tags:
Embed Size (px)
Citation preview
Agenda
• Questions
• Computing for social purposes
• Computing as a social process
• Complex systems
Two Types of Social Issues
• Computers are used for social purposes– CSCW, email, chat rooms, etc.
• Computers are used by people, so:– Individuals and organizations may adapt -social
and economic impact– Organizations establish rules and procedures– Technology can be directed to achieve social
objectives• Fair access, privacy, control information
Computing for Social Processes• Email, NetMeeting, etc.
– The invisible college, personal email
• Virtual communities– Mailing lists, USENET news, Chat rooms
• CSCW
• Educational computing– Computer assisted instruction, distance education
• Social interaction– Computer dating
Limiting the Use of Computing/IT• Variety of justifications
– Parental control• Web browsing software, time limits
– Intellectual property protection• Copyright, trade secrets
– National security• Classified material
– Censorship
Techniques for Limiting Use
• Access control– Effective multilevel security is hard to achieve
• Copy protection– Hardware and software
• Licensing– Shrink-wrap, Shareware, GNU Public license
• Digital watermarks– Provide a basis for prosecution
Anonymity
• Serves several purposes– Sensitive issues on discussion groups– Brainstorming– Whistleblowers– Marketing (“Spam”)
• Common techniques– Anonymous re-mailers– Pseudonyms
Nettiquite
• Mailing lists and USENET News– “Emily Postnews” on comp.announce.newusers
• Some simple guidelines– Send private replies unless a public one is needed– Limit business uses to appropriate venues– Don’t send unsubscribe requests to the list– Read the FAQ before asking one– Avoid things that start “flames” unless you intend
to
Computing/IT as a Social Process
• Programs must implement social norms– Ownership– Identity– Integrity– Privacy
• Two basic techniques are used– Authentication– Encryption
Ownership• Who has the right to use a computer?
• Who establishes this policy? How?– What equity considerations are raised?
• Can someone else deny access?– Denial of service attacks
• How can denial of service be prevented?– Who can gain access and what can they do?
Identity
• Establishing identity permits access control
• What is identity in cyberspace?– Attribution
• When is it desirable?
– Impersonation• How can it be prevented?
• Forgery is really easy– Just set up your mailer with bogus name and email
Authentication
• Used to establish identity
• Two types– Physical (Keys, badges, cardkeys, thumbprints)– Electronic (Passwords, digital signatures)
• Protected with social structures– Report lost keys– Don’t tell anyone your password
• Password sniffers will eventually find it
Good Passwords
• Long enough not to be guessed– Programs can try every combination of 4 letters
• Not in the dictionary– Programs can try every word in a dictionary– And every date, and every proper name, ...– And even every pair of words
• Mix upper case, lower case, numbers, etc.
• Change it often and use one for each account
Integrity
• How do you know what’s there is correct?– Attribution is invalid if the contents can change
• Access control would be one solution– No system with people has perfect access control
• Risks digest provides plenty of examples!
• Encryption offers an alternative
Privacy
• What privacy rights do computer users have?– On email?– When using computers at work? At school?– What about your home computer?
• What about data about you?– In government computers?– Collected by companies and organizations?
• Does obscurity offer any privacy?
Encryption• Separate keys for writing and reading
– Pretty Good Privacy (PGP) is one “standard”
• Identity– “Digital signature” from a private write key
• Integrity– Public read key will decode only one write key
• Privacy– Either write key or read key can be kept secret
Cookies• Web servers know a little about you
– Machine, prior URL, browser,
• From this they can guess a little more– Path you followed, who is on that machine
• Cookies allow them to remember things– They send you a string and your browser stores it– If they ask for the string, your browser provides it– The string can represent identity and/or information
Copyright• Intellectual property - patents, trademarks,
copyright
• Copyright is the “right to make copies”
• The expression of the intellectual content is copyrighted -- not the idea itself
• Copyright procedures– no longer a need to register– life + 75 years
• Some key concepts– Fair use– First sale
Access Control Issues• Protect system administrator access
– Greater potential for damaging acts– What about nefarious system administrators?
• Trojan horses– Intentionally undocumented access techniques
• Firewalls– Prevent unfamiliar packets from passing through– Makes it harder for hackers to hurt your system
Denial of Service Attacks• Viruses
– Platform dependent– Typically binary
• Virus checkers– Need frequent updates
• Flooding– The Internet worm– Chain letters
Policy Solutions• Five guidelines
– Establish policies– Authenticate– Authorize– Audit– Supervise
• CSC Acceptable Use Policy
Crisis Management
• Computer Emergency Response Team– Issues advisories about known problems– Need to make sure these reach the right people
• Information Warfare– We depend on our information infrastructure– How can we prevent attacks against it?
• Hacking is individual, this would be organized
– Policy for this is still being worked out
Complex System Issues
• Critical system availability– Who needs warfare - we do it to ourselves!
• Understandability– Why can’t we predict what systems will do?
• Nature of bugs– Why can’t we get rid of them?
• Audit-ability– How can we learn to do better in the future?