Privacy and Security on the Internet



Paper # 1

Meghan Axe

Ellen M. Collins

Yumiko Mitarai

Kevin D Kelsey

Abraham Bernstein

Introduction

Privacy and security are major issues in electronic commerce. Quite a few years have gone by since the publication of Clifford Stoll’s book ‘The Cuckoo's Egg: Tracking a Spy Through the Maze of Computer Espionage’[1] raised major concerns about the security of our computer networks. Those concerns have reached everybody’s consciousness and have not disappeared since then. The major question, “Is the Internet trustworthy?”, has been on people’s minds. What security and privacy level do we want and how much are we prepared to pay for it? The purpose of this group’s work is to help people understand the technical and legal foundations of the debate and their application in electronic commerce.

1. Needs and Requirements

1.1 Government

Under Vice President Gore’s leadership, the National Performance Review charged the Federal Networking Council (FNC) with the task of formulating an extensive Internet Security Plan. The US government wants to develop and proclaim a Federal Internet Umbrella Security Plan that interconnects the federal IT community with state, local, commercial, public, private, and foreign government activities. Since neither such central control nor any Internet security standard exists in today’s cyberspace, security differences between networks make the systems more vulnerable to break-ins, computer viruses and other hostile attacks.

The US government’s information systems are no exception to such attacks. For example, the US defense department’s computer security force said that hackers succeeded in penetrating the Pentagon computer systems 160,000 out of 250,000 times in 1995. Another example is that the contents of the US Labor Party’s World Wide Web site were changed by hackers in December 1996. According to a survey conducted by Dan Farmer (a creator of SATAN[2]), more than 60 percent of web sites (banks, credit unions, US government agencies, and newspapers) could be broken into, and their content changed or destroyed. All of these incidents show that hackers are better equipped. In the short term, the government can regulate such malicious actions by law. However, in the long term, the government may need to change the whole infrastructure (standard) so that hackers cannot do anything.

1.2 Institution/ University

An institution like a university used to have a closed network; students did not have access to computers outside of the university’s network. However, most schools nowadays allow students access outside of their networks. For example, the MIT Sloan School of Management uses a Web page for pre-registration. In order to bid for the courses that he/she wants to take, a student has to access the course bidding web page. In the university, students voluntarily offer their information, such as home pages, and the administration puts students’ information, which ranges from grades to financial aid records, on the Internet. Fortunately, MIT has never been attacked by hackers before. The current problem seems to be that students have too many passwords to access their confidential information.

MIT is now planning to implement WebSIS, a secure Web server, by May 1997 because it will be a more user-friendly system. Secure Web servers make use of the Secure Socket Layer (SSL) protocol to provide user authentication to the server as well as proof to the user that the server is what it claims to be. In addition, all information sent from and to a secure Web server is encrypted so that network eavesdroppers cannot listen in. The students must have an Athena account and obtain a digital certificate. As an option, they can have a second password.

However, an institution like MIT also faces the issue that there is no standard system to follow. Time and switching costs will always be issues. In other words, as technology changes quickly and often, it is hard for the university to protect students’ privacy by keeping up with new technology.

1.3 Access Providers

Since there is no security standard on the Internet, each access provider will make its own system for its protection. For example, CompuServe offers Virtual Key, which is RPA (Remote Passphrase Authentication). CompuServe users can access premium content not only from CompuServe, but also from other leading fee-based Internet sites without subscribing or paying an additional charge. Virtual Key technology requires users to have only one password. America On-Line (AOL) uses the SSL that Netscape provides. When AOL users communicate with a secure server using SSL, all messages are automatically encrypted before they are sent across the Internet. BBN provides its Planet’s Site Patrol, which is a turnkey managed Internet firewall service. BBN believes that it offers a higher degree of perimeter security at a lower cost.

Having each provider run a different security system does not protect consumers effectively. For example, Netscape says that its certificate is not recommended for use on multiple servers. SSL is not effective unless it is implemented on both the client and the server. But since each access provider has a different system for security, this is not always the case.

1.4 Business

Intranet/communication Privacy: The ability to communicate within a business without outside parties observing communications is necessary before companies can use the internet for business communications. This requires both authentication and cryptography. The people conducting business must be sure of who they are communicating with, but they don't want their competitors to listen in. At the same time, communication between different companies must be possible, while maintaining privacy.

Confidential Information (Health providers, etc.): Most businesses are entrusted with confidential information from their customers. Whether it is a patient's health record, or a customer's credit card number, businesses must not reveal this information. However, the customer may want this information to be given to someone else. For example, if a businessman on a trip becomes ill, he may want certain information about him to be provided by his normal physician (like allergies to medication). This is a difficult task on a number of levels. First, you must have a system to transmit the information without its being eavesdropped upon. Next, the information must be divided up into layers between public and differing degrees of private information. Third, there must be an authentication process to find what level of private information is being requested and should be sent.

1.5 General Public Needs

Privacy

Email: In recent years email has become a prominent form of communication between people. When an email is sent out, the information contained within the message becomes available to anyone who has the right software to listen in, unless the message is encrypted. Although many people may not be sending information that is particularly sensitive, it is possible that this information can be used in inappropriate ways. In addition, the Constitution guarantees privacy.

Web Browsing: The World Wide Web has developed into an amazing array of pages with information on almost any subject. This can be both a powerful tool and a source of entertainment. However, while browsing the web, it is possible for people to track where individuals visit. Although this may seem harmless, when combined with other information that is available on the web, personal information can be obtained. There is no guarantee that this information will be used responsibly.

Anonymity (Newsgroups, etc.): There are times when someone would like to keep his or her identity secret on the Internet. This can be to keep information about themselves confidential, or just to keep people from knowing who they really are. While people should have the right to maintain anonymity, it is necessary for government policing agencies to be able to stop criminal activities from occurring under this shroud of anonymity.

Security

Internet Purchases: It is now possible to buy almost anything on the Internet. Most of these purchases are paid for with credit cards. It is necessary to keep this information secret from observers on the Internet. Credit card fraud is already a huge expense, and this represents an even greater risk as electronic commerce grows. The difficulty does not lie in encrypting the credit card transmissions, because this technology already exists, but rather in verifying that the person to whom you are sending the number is reputable and in establishing a system that everyone uses.

Authentication: Authentication is the verification of the user's identity by the company providing the user service. It is necessary for a company to authenticate that the correct person is using the service, so that the user’s identity is known. This prevents users from misusing the services without correctly identifying the party. Cases exist where computer “hackers” have broken into an individual’s e-mail account and sent out fraudulent, harmful messages. Authentication systems would attempt to stop this.

File Transfer: The use of file transfer protocols (ftp) can potentially make floppy disks obsolete. However, to enable this, it is necessary to encrypt information contained in the files to keep casual listeners from gaining access to the information. When files are transferred by this method, they are sent in packets of data with no protection from anyone who may attempt to intercept the contents. For the encryption system to function, both the sender and receiver of the data must have the ability to encrypt and decrypt.

File Access: It is possible to access files on the computer of someone on the Internet. For example, while browsing the web, there is a command that can be used to observe the names of all the files on a Windows based system. This violates an individual’s right to privacy, and constitutes an illegal search and seizure. This security threat was recently found in the Microsoft Internet Explorer. A serious bug in the system design allows remote web access to activate programs on the user’s computer. This can potentially cause security, privacy, and computer safety problems.

Viruses: In addition to the risk of having personal information revealed in the transfer of files, viruses can also be spread. A virus is a computer program designed to alter the functionality of the computer. Not all viruses are harmful; some merely range from humorous to annoying. However, there are some viruses that can have horrendous effects on your computer, from erasing all information on the computer’s hard drive, to causing physical damage to the computer. Anytime information is sent from one computer to another, it is possible that the information is infected by a virus. While software exists to kill most viruses, it is impossible to keep up with all the new viruses being developed.

1.6 Parental Controls

As children’s Internet access has increased dramatically, the question of their safety and access to inappropriate material has become a heated issue. Many parents sit their children in front of the computer screen rather than the TV screen to keep them occupied--never dreaming they need to monitor the Web’s content as they would with television programming.

Many consumer groups and lawmakers feel that limiting children’s Internet access is vital, while others cite it as censorship and a violation of the First Amendment. In this section, we’ll look at a senate bill proposed to limit children’s access and public response to this bill. We’ll also discuss some of the products which have been developed for parents to screen what their children can access.

Senator Jim Exon (D-Neb), along with colleagues, introduced the Communications Decency Act-1995 (CDA). This bill was developed to "protect children from exposure to offensive content." Those found posting indecent material which could be accessed by minors would face up to $250,000 in fines and a two year jail sentence.

In a February 27 reaction letter to a Washington Post editorial, Senator Exon stated:

"The Communications Decency Act, first and foremost, extends to computer users the same protection that has existed for years for telephone users. The fear, annoyance and harm engendered by obscene or harassing messages over a computer are as real as those over the telephone. Under my bill, those who use a telecommunications device such as a computer to make, transmit or otherwise make available obscene, lewd, indecent, filthy or harassing communications could be liable for a fine or imprisonment. That is the same language that covers use of the telephone in such a manner. The legislation does not make innocent "carriers" of electronic messages liable for inappropriate messages, nor does it by any stretch of the imagination require system operators to "eavesdrop" on electronic messages. To do so would be the equivalent of holding the mail carrier liable for the packages he delivers."

Senator Exon’s distinction and telephone analogy are important, as many view the CDA as direct censorship. Those opposed to the CDA assert that the Act forces people who desire to post material on the Internet to wait for governmental approval or denial. Shabbir Safdar, co-founder of the activist group Voters' Telecommunication Watch, sums up the opposition’s views, stating “they (government) basically want to turn the Internet into Barney the dinosaur.”

House Representatives Christopher Cox (R-Calif.) and Ron Wyden (D-Ore.) were concerned that the Federal Communications Commission would gain too much control over the Internet if the CDA passed, so they introduced their own legislation, HR 1978 IH. The bill includes two parts: the Internet Freedom Act, which opposes all attempts to censor and regulate any forms of the Internet, and the Family Empowerment Act, which advocates private censorship of online material.

To enable this private censorship, many software companies have developed programs to help parents limit their children’s Internet access. The software serves as an Internet filter to steer children clear of, or completely block out, inappropriate materials or inquiries.

There are two basic types of filtering software. The first kind searches sites and communications on the Net for predetermined words, phrases, or bits of content that may not be appropriate for children. If found, the software breaks the connection and logs the child off.

The second kind of filtering software maintains an updated memory bank of inappropriate sites. Software such as Cyber Patrol works to block a child's accessibility to the specific sites altogether.

Following is a partial list of parental control software and Internet links to their websites: Safesurf Internet Filtering System, NetNanny, SurfWatch, and Cyber Patrol. Although not absolutely foolproof, the creators of these programs see them as a way to let parents rather than the government control their children’s Internet access.

2. Legal Issues

Big Brother is watching you.

George Orwell

1984[3]

In the United States, many people believe that they have a right to privacy. As such, people often may assume that their personal activities, when not criminal, are free from most public scrutiny. People also may assume that they have some control over the information that others have about them. To prospective employers, they reveal their professional selves. To bankers, brokers, and other parties to commercial transactions, they reveal their financial selves. To friends, they reveal their social selves. To family, they may reveal their more intimate selves. To the government, they reveal what is required. To their adversaries, they reveal nothing.

Information technology is changing this. Companies consolidate publicly available information about people from real estate, tax and other public records into demographic profiles and sell it. Organizations sell their mailing lists. Web-sites and web-browsers collect as “cookies” the addresses of other sites visited by a particular customer. While these developments clearly present new economic opportunities, much of this data accumulation may occur without the knowledge or consent of the person who is providing information. Speakers in our Electronic Commerce class clearly believe that they own and have the right to sell private information that they collect about their customers. Thus, information given to a particular person for a particular purpose may become publicly available for general use. While, in the best case, this may result in highly targeted marketing, in the worst case, denial of economic opportunities based on demographic assumptions may occur. In addition, conversations about people, products and prices in electronic “chat rooms” can be observed globally. A single on-line statement, especially if erroneous, can do great harm.

What does the right to privacy mean in this global, on-line world? Ironically, in the United States, the answer lies in law developed long before the invention of the Internet--in the Constitution and in the common law of torts--as well as in recent federal legislation designed specifically for this purpose.

2.1 The Constitution

The Constitution of the United States[4] affords citizens a right of privacy from intrusion by the government. In Katz v. United States,[5] the United States Supreme Court held that, when there is a reasonable expectation of privacy, the Fourth Amendment protects citizens from unreasonable searches and seizures. Although privacy is not explicitly referred to in the text of the Constitution, in Griswold v. State of Connecticut,[6] the United States Supreme Court held that privacy is an implicit constitutional right:

.....the guarantees in the Bill of Rights have penumbras, formed by emanations from those guarantees that help give them life and substance........Various guarantees create zones of privacy. The right of association contained in the penumbra of the First Amendment is one, as we have seen. The Third Amendment in its prohibition against the quartering of soldiers "in any house" in time of peace without the consent of the owner is another facet of that privacy. The Fourth Amendment explicitly affirms the "right of the people to be secure in their persons, houses, papers, and effects, against unreasonable searches and seizures.” The Fifth Amendment in its Self-Incrimination Clause enables the individual to create a zone of privacy which government may not force him to surrender to his detriment. The Ninth Amendment provides: “The enumeration in the Constitution, of certain rights, shall not be construed to deny or disparage others retained by the people.”

This right is not absolute. It must be balanced against the degree of the government’s interest in regulation. Although the Constitution was written and Griswold and its progeny were decided long before the technology underlying the internet was conceived, the law embodied in these documents will be applied to the government’s activities in electronic commerce.

The right to privacy and the related rights enumerated in the Bill of Rights may provide a basis for system operators and on-line service providers to protect the anonymity of people using pseudonyms, e-mail lists, and bulletin board user lists from government inquiry, provided that this information has not otherwise been made publicly available (as it often is). Under certain circumstances, this protection may exist even though the government has produced a search warrant or court order as required by the Fourth Amendment. Especially in cases relating to political activity, the writer’s rights to freedom of speech and association may, under certain circumstances, be deemed to outweigh the government’s interest in regulation.[7] Notwithstanding their potential availability, these protections are often in effect waived by contract because the on-line service provider, bulletin board or web-site operator either cooperates with the government out of fear of litigation or has a policy of making the information publicly available.

In addition, the rights to privacy and free speech may provide a constitutional basis for the practice of encryption. Notwithstanding the United States government’s opposition to the use of the most advanced encryption techniques, at least with respect to the use of encryption within the United States, the government’s interest in wiretapping and other forms of surveillance may, under certain circumstances, be outweighed by citizens’ rights to privacy and free speech.

2.2 Federal Statutes Protecting Electronic Privacy

Federal statutes, such as the Fair Credit Reporting Act of 1970 (which protects a person’s credit and insurance history from abuse by commercial credit agencies) and the Telemarketing Consumer Protection Act of 1994 (which enables the Federal Trade Commission to prevent telemarketers from invading privacy), will be applied to on-line and internet commerce. In addition, the Electronic Communications Privacy Act (ECPA)[8] and sections of the Telecommunications Act of 1996[9] contain provisions that protect the privacy of on-line users.

The Electronic Communications Privacy Act

Subject to certain exceptions, the ECPA makes it unlawful for any person or entity (including government agents) to intercept intentionally any electronic communication (contemporaneous with the electronic transmission thereof) or to use intentionally or disclose intentionally the contents of any electronic communication so unlawfully obtained. Unfortunately, the exceptions to this law are so broad that they significantly limit the scope of its protection. Under the ECPA, system operators may do any of the above activities without violating the ECPA if they do so in the ordinary course of debugging or maintaining the system, if they have the consent of any party to the particular communication, if they have a search warrant or other court order authorizing interception, or if they keep records to protect providers or users from fraudulent, unlawful, or abusive use of the service.

The ECPA also prohibits unauthorized access or access exceeding authorized access to information stored in an electronic communications service, as well as disclosure of the contents of e-mail to which the disclosing person was not a party. This provision prohibits reading or altering the e-mail of others as a result of inadvertently gained authority or system flaws or bugs, preventing people from accessing their e-mail, and getting an account through “hacking.” America On-Line has successfully used the ECPA to prevent advertisers from sending unsolicited e-mail.[10]

While the ECPA provides for both civil and criminal penalties, proof of intent is required. Since this is often very difficult, rights under the ECPA are often difficult to enforce.

The Telecommunications Act of 1996

The Telecommunications Act of 1996 requires telecommunications carriers to protect the confidentiality of “individually identifiable customer proprietary network information” (CPNI), except as required by law or with the written consent of the customer. Under the Act, however, carriers may use or disclose this information to bill customers, to protect the carrier’s rights or the customer from unlawful use of the service, and to permit telemarketing and other similar services where the customer initiated the call and approved the use of such information. Thus, this provision appears to permit the collection of “cookies.” Clarification of the meaning and extent of the requirements for customer consent is being sought.

2.3 State Common Law

While various state constitutions and state statutes protect privacy in a manner similar to that of the United States Constitution and federal statutes, the common law of torts protects people against invasion of privacy by enabling the injured person to sue the perpetrator for damages. In most states, causes of action in tort for invasion of privacy include public disclosure of private facts, false light, wrongful intrusion and commercial misappropriation. Because the internet provides for immediate global publication of information, both the frequency of these lawsuits and the amount of damages awarded may increase substantially. However, these laws do not appear to limit the development of data bases consolidating demographic information on particular individuals.

Public Disclosure of Private Facts

An injured person can sue for invasion of privacy on grounds of public disclosure of private facts if there is widespread disclosure of sensitive private information (even if the information is true) and if the publication of the private information would be “highly offensive to the average person.” Private information can include photos or other digitized images, as well as text. Because posting to the Internet provides for immediate global access to private information, use of these lawsuits may increase.

For a lawsuit to be successful, the sensitive information must remain private. Facts, although very sensitive or embarrassing, may be deemed to be no longer private if they are common knowledge or if they have been the subject of prior publicity. Similarly, if the person to whom the private facts relate consents to disclosure, sensitive information is no longer protected. If the person to whom sensitive information relates has told it in confidence to another person, such consent may be deemed to have been given. In addition, “newsworthy” private information can be disclosed without liability. For this to be the case, there must be legitimate or current public interest in the subject matter that would justify disclosure or the person to whom the facts relate must be a public figure. The collection of financial and other demographic information useful to marketers appears to be permitted because the requirements that the information be “highly offensive to the average person” and be broadly disclosed are not satisfied.

False Light

Under this cause of action, a person who misrepresents the characteristics or views of another can be sued for the resulting damage to that person’s reputation. Such misrepresentations place the person in a bad or false light. Unlike actions for libel or defamation, the information does not have to be defamatory; the test is whether the information that is wrongfully attributed would be “highly offensive to a reasonable person.” Consent and newsworthiness are also defenses to claims of false light.

Wrongful Intrusion

Here, a person whose seclusion or solitude is intruded on may sue the offending party if the intrusion is highly offensive. Publication is not required. In an on-line world, reading another’s correspondence, breaking into data files, or negligently maintaining an intranet or e-mail system in a manner (or providing access to a system area) that enables others to do the above easily may also be grounds for a lawsuit. Collecting information, without more, has not been viewed as an invasion of privacy.

Commercial Misappropriation

Some states have held that commercial misappropriation constitutes an invasion of privacy. Under this cause of action, a person can sue if his or her name or likeness is used without his or her consent for commercial purposes. On-line users should proceed with caution in incorporating digitized images of others into web pages that can be used for commercial purposes.

Defamation

The causes of action for invasion of privacy described above are available when the information disclosed or obtained is true. However, if certain requirements are met, publication of false information about a person or business may result in an additional claim for defamation. While defamation is beyond the scope of this paper, it is important to note that publication of false information in a medium that offers both quick, easy, low cost publication (through posting on web-sites and bulletin boards) and immediate global access to published information can cause enormous harm. Consequently, especially in businesses or activities where reputation is very important to commercial success, the liability for monetary damages can be enormously high. In this environment, false statements about one’s competitors could be very costly.

2.4 Jurisdiction

While our research has focused on United States law, given the global reach of the Internet, it is not clear which state or country’s law will apply. Although this approach is open to dispute, maintenance of a site on the web that is available to citizens of a particular state has been used as a basis by that state to assert jurisdiction. Since rights to privacy differ from state to state within the United States and between the United States and other countries, activities, such as data collection, that may be permissible in one place may be prohibited or more strictly regulated in others.

3. Technology Background

The technological background of privacy and security in network computing in general and Internet computing in particular can be divided in two different parts. First, there is the question whether the technology to support a certain need is mathematically available, i.e. the theoretical solution exists. The second question is whether it is technically available on the marketplace as a product that people can buy off the shelf. Let us first focus on different types of security and privacy needs and then see whether they can be fulfilled with existing tools in the theoretical domain and in the marketplace.

3.1 Classification of Needs

The needs for computer security and privacy can be divided into three categories: Data Encryption, Authentication and Authorization.

Data encryption deals with transforming messages into a secret format. This secret format cannot be decrypted without the decryption key so the information in the message is safe from eavesdropping. For example, Alice and Bob may want to share some information with each other. At the time Alice wants to transfer some information to Bob, they don’t have a secure channel: the only channel of communication that they have can be observed by Eve, who wants to know what Alice and Bob are talking about (see Figure 1).

Figure 1: Basic encryption

Authentication deals with the problem of identifying a person or of ensuring a person’s anonymity. For example, when you withdraw money from your bank account, the bank has to find out if you really are who you claim to be. The technique used most in the real world is signatures. On the other hand, you may also want to be sure that your counterpart has no way to identify who you are; for example, when you fill out a statistical survey, you don’t want the answers to be traced back to you. The complicated case is when you want your counterpart to be able to verify that you are who you claim to be without learning exactly who you are. Examples of this were the Swiss numbered bank accounts (they do not exist in this form anymore). There, the authentication was done by comparing the signature and the number of the account without proving a person’s identity.

The last category deals with authorization. Before a bank actually gives you the money you withdraw, it checks whether you are allowed to withdraw the money. In some cases, for example, when you are a minor, your account may be locked although you own it. This problem can be solved by having a simple access control list and will therefore not be treated in the rest of this chapter.

3.2 The Mathematical Availability

Mathematicians and scholars have worked for millennia to ensure secure transfer of information. The Romans, for example, encrypted information about their attack strategy during battle. During the Second World War, cryptographers on both sides tried to decipher messages radioed from commanders to their troops. In this war of encrypting and decrypting information, computational theory was introduced as a part of mathematics in order to understand the theory behind encryption (Robert Harris describes this very nicely in his novel ‘Enigma’ see URL: ).

Today, mainly two secure systems are being used. The first one is the one-time substitution cipher. A substitution cipher is a list that defines which letter is replaced by which other letter. So if we decide to replace all S’s with D’s, L’s with V’s (O’s with G’s, A’s with Y’s etc.), SLOAN would be transferred as DVGYM. A plain substitution cipher of this kind has the problem that statistical analysis of the messages transferred can lead to the decryption of this code.

The advantage of the one-time substitution cipher is that its list of numbers is used only one time. Every number in this list is added to the position of a letter in the alphabet, which results in a new number. The substitute is the letter at the new number’s position in the alphabet (see Figure 2 for an example). In order to ensure security, every key is used only once. This system has the advantage that it is absolutely break proof. The main problem with it is that one has to have a secure channel at the beginning in order to exchange the list of random numbers.

[pic]

Figure 2: an example for a one-time substitution (from [Dell96])
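The one-time substitution described above can be written out in a few lines. The following is an added example, not part of the original paper or of [Dell96]; the function names are illustrative, and wrapping around past Z (arithmetic modulo 26) is an assumption. It also shows why every list of numbers may be used only once, and why a single ciphertext reveals nothing.

```python
import secrets
import string

ALPHABET = string.ascii_uppercase  # positions 0..25; messages are A-Z only

def make_pad(length):
    """Fresh list of random numbers, one per letter; never to be reused."""
    return [secrets.randbelow(26) for _ in range(length)]

def encrypt(plaintext, pad):
    if len(pad) < len(plaintext):
        raise ValueError("pad must be at least as long as the message")
    # Add each number to the letter's position (assumption: wrap after Z).
    return "".join(ALPHABET[(ALPHABET.index(c) + k) % 26]
                   for c, k in zip(plaintext, pad))

def decrypt(ciphertext, pad):
    return "".join(ALPHABET[(ALPHABET.index(c) - k) % 26]
                   for c, k in zip(ciphertext, pad))

def letter_differences(a, b):
    """Position-wise difference of two equal-length letter strings, mod 26."""
    return [(ALPHABET.index(x) - ALPHABET.index(y)) % 26 for x, y in zip(a, b)]

def reuse_leak(msg1, msg2, pad):
    """True if reusing one pad exposes the difference of the two plaintexts.

    Subtracting the two ciphertexts cancels the pad, so Eve obtains a value
    that depends only on the messages and no longer on the secret numbers.
    """
    c1, c2 = encrypt(msg1, pad), encrypt(msg2, pad)
    return letter_differences(c1, c2) == letter_differences(msg1, msg2)

if __name__ == "__main__":
    pad = make_pad(5)                      # constructed sample input
    ct = encrypt("SLOAN", pad)
    print(ct, "->", decrypt(ct, pad))
    # Used once: for ANY candidate message there is a pad that explains ct,
    # so the ciphertext alone does not favour SLOAN over MONEY.
    other_pad = letter_differences(ct, "MONEY")
    print(decrypt(ct, other_pad))
    # Used twice: the pad drops out of the difference of the ciphertexts.
    print("reuse leaks plaintext difference:", reuse_leak("SLOAN", "MONEY", pad))
```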

The second secure method is the public key system. In most cases, such systems use a mathematical property of prime numbers to give every user a set of two keys. One key is public and posted, e.g. on the Web. So when Alice wants to transfer a message to Bob, she would take his public key and encrypt the message. The message can only be decrypted with Bob’s private key, so having the public key does not help to decrypt the message.

This system can also be used as an authentication method. If Bob encrypts a message with his private key stating ‘I am Bob’, everybody can use his public key to decrypt this message, but no one can mimic this encrypted message because they don’t have his secret key (for more information about that see Neal I. Koblitz: A Course in Number Theory and Cryptography (Graduate Texts in Mathematics, No 114) URL: ). The main problem of these methods is that they are not unbreakable; rather, the computation time needed to break them is believed to be very long. So they are not theoretically safe; there is merely no known method to break them. Newer methods are emerging that are theoretically secure, but they are still in the research state (check the following URL for publications: )
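The two uses of a key pair described above, secrecy and authentication, are shown here with textbook RSA. This is an added example, not part of the original paper: the paper does not name a scheme, so RSA, the toy primes 61 and 53 and all function names are assumptions. The last function shows why safety rests only on computation time: with primes this small the private key is recovered at once.

```python
from math import gcd

def make_keypair(p, q, e=17):
    """Build a textbook RSA key pair from two primes (toy sizes only)."""
    n, phi = p * q, (p - 1) * (q - 1)
    if gcd(e, phi) != 1:
        raise ValueError("e must be coprime to (p-1)(q-1)")
    d = pow(e, -1, phi)            # private exponent: e*d = 1 (mod phi)
    return (n, e), (n, d)          # (public key, private key)

def apply_key(key, number):
    """The one RSA operation: raise to the key's exponent modulo n."""
    n, exponent = key
    return pow(number, exponent, n)

# Unpadded and per character, for illustration only: real systems pad the
# message and process it as one large number.
def encrypt_for(public_key, text):
    return [apply_key(public_key, m) for m in text.encode("ascii")]

def decrypt_with(private_key, numbers):
    return bytes(apply_key(private_key, c) for c in numbers).decode("ascii")

def sign(private_key, text):
    return [apply_key(private_key, m) for m in text.encode("ascii")]

def verify(public_key, text, signature):
    recovered = [apply_key(public_key, s) for s in signature]
    return recovered == list(text.encode("ascii"))

def private_key_from_factoring(public_key):
    """Trial division recovers the private key, but only because n is tiny."""
    n, e = public_key
    p = next(f for f in range(2, n) if n % f == 0)
    return make_keypair(p, n // p, e)[1]

# Constructed toy primes (assumption); real keys use primes hundreds of digits long.
BOB_PUBLIC, BOB_PRIVATE = make_keypair(61, 53)

if __name__ == "__main__":
    secret = encrypt_for(BOB_PUBLIC, "MEET AT NOON")     # Alice to Bob
    print(decrypt_with(BOB_PRIVATE, secret))
    proof = sign(BOB_PRIVATE, "I am Bob")                # Bob to everybody
    print("genuine:", verify(BOB_PUBLIC, "I am Bob", proof))
    print("altered:", verify(BOB_PUBLIC, "I am Eve", proof))
    print("key recovered by factoring:",
          private_key_from_factoring(BOB_PUBLIC) == BOB_PRIVATE)
```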

As stated above, using public key systems can solve the authentication problem. A new problem arises when we want to guarantee both authentication and anonymity. This occurs when we want to use our credit card without telling the shop who we are. This problem can also be solved by using an elaborate encryption protocol (see the references above for more information about this). Such systems are in use with certain electronic payment systems.

3.3 The Availability in the Market, Problems with the Implementation

The algorithms mentioned are all available as software packages on the market. So if someone wants to implement them, he/she could theoretically buy them as off-the-shelf products. The first problem is that export restrictions apply to cryptography software. So if a multinational company wants to use a certain secure algorithm worldwide, they may not be allowed to do so because they are not allowed to export the technology needed. The international version of Netscape, for example, uses a reduced key for the encryption of data transferred over secure connections. A French student cracked the weakened algorithm shortly after the introduction of Netscape Navigator 3.0.

The second main problem is that people are not aware of their security holes. They simply don’t secure their system, or they use standard passwords (like the installation passwords or the first name of their girl/boy-friend). In addition, the complexity of today’s software systems demands an enormous amount of knowledge about computer security in order to secure a system. Some specialists even argue, for this reason, that it is impossible to make a system completely secure and still connected to the network.

Conclusion

We have shown that a number of security and privacy issues are of concern on the Internet. Society and its institutions, both governmental and non-governmental, have to deal with this, find solutions to those problems and raise awareness of these issues.

References


[Dell96] Dellarocas, Chrysanthos: Lecture Notes for 15.564, Fall 1996


The Financial Times (12/12/96 & 1/1/97)


-----------------------

[1] URL:

[2] Satan - "Security Administrator Tool for Analyzing Network" is an Internet program that automatically checks computers to find security holes. (The Financial Times)

[3] URL:

[4] URL:

[5] 389 U.S. 347 (1967)

[6] 381 U.S. 479 (1965)

[7] Gibson v. Florida Legislative Investigation Committee, 372 U.S. 539 (1963)

[8] 18 U.S.C. §§ 2510-2520

[9] 47 U.S.C. § 222

[10] America On-line Inc. v. CyberPromotions No. 1, 96CV462 (ED Va. 1996)
