Legal Privacy and Ethical Issues in Computer Security.pptx
KRITARTHBANSAL1
17 slides
Jan 05, 2023
Legal, Privacy, and Ethical Issues in Computer Security
Human Controls Applicable to Computer Security:
- Basic Legal Issues
  a) Protecting Programs and Data
  b) Information and the Law
  c) Ownership Rights of Employees and Employers
  d) Software Failures (and Customers)
- Computer Crime
- Privacy
- Ethics
  a) Introduction to Ethics
  b) Case Studies of Ethics
  c) Codes of Professional Ethics
Protecting Programs and Data
- Copyrights: designed to protect expression of ideas (creative works of the mind)
  - Ideas themselves are free
  - Different people can have the same idea
  - The way of expressing ideas is copyrighted
  - Copyrights are exclusive rights to making copies of expression
- Copyright protects intellectual property (IP)
  - IP must be:
    - Original work
    - In some tangible medium of expression
- Patent: designed to protect tangible objects, or ways to make them (not works of the mind)
  - Protected entity must be novel & nonobvious
  - The first inventor who obtains a patent gets his invention protected against patent infringement
  - Patents applied for algorithms only since 1981
- Trade secret: information that provides competitive edge over others
  - Information that has value only if kept secret
  - Undoing release of a secret is impossible or very difficult
  - Reverse engineering used to uncover a trade secret is legal!
  - Trade secret protection applies very well to computer s/w
    - E.g., programs that use algorithms unknown to others
| | Copyright | Patent | Trade Secret |
|---|---|---|---|
| Protects | Expression of idea, not idea itself | Invention: way something works | Secret, competitive advantage |
| Protected Object Made Public | Yes; intention is to promote publication | Design filed at Patent Office | No |
| Must Distribute | Yes | No | No |
| Ease of filing | Very easy, do-it-yourself | Very complicated; specialist lawyer suggested | No filing |
| Duration | Originator's life + 70 yrs; 95 yrs for company | 19 years | Indefinite |
| Legal Protection | Sue if unauthorized copy sold | Sue if invention copied/reinvented | Sue if secret improperly obtained |
Protecting Programs and Data
How to protect:
- H/w
  - Patent
- Firmware (microcode)
  - Patent physical device, chip
  - Use trade secret protection
  - Copyright s/w such as embedded OS
- Object code s/w
  - Copyright of binary code
  - Copyright of source code
  - Need legal precedents
- Source code s/w
  - Use trade secret protection
  - Copyright reveals some code, facilitates reverse engineering
  - Need legal precedents, too
Information and the Law
Characteristics of information as an object of value:
- Not exhaustible
- Can be replicated
- Has minimal marginal cost
- Value is often time dependent
- Can be transferred intangibly
Comparison of Criminal and Civil Law

| | Criminal Law | Civil Law |
|---|---|---|
| Defined by | Statutes | Common law (tort law); contracts |
| Cases brought by | Government | Government; individuals and companies |
| Wronged party | Society | Individuals and companies |
| Remedy | Jail, fine | Damages, typically monetary |
Ownership Rights of Employees and Employers
- Ownership rights are a computer security issue
  - Concerned with protecting secrecy (confidentiality) and integrity of works produced by employees of an employer
- Ownership issues in employee/employer relations:
  - Ownership of products
    - Products/ideas/inventions developed by an employee after hours might still be owned by her employer
    - Especially if in the same "line of business"
  - Ownership of patents
    - If employer files for patent, employer will own patent
  - Ownership of copyrights
    - Similar to patents
  - Trade secret protection
    - No registered inventor/author; owner can prosecute for damages
Ownership Rights of Employees and Employers (2)
- Type of employment has ownership consequences
  - Work for hire
    - All work done by employee is owned by employer
  - Employment contracts
    - Often spell out ownership rights
    - Often include agreement not to compete (for some time after termination)
    - Non-competition is not always enforceable by law
  - Licenses
    - Programmer retains full ownership of developed s/w
    - Grants license for a fee
Software Failures (& Customers)
- If not correct: ask for refund, replacement, fixing
  - Refund: possible
  - Replacement: if this copy damaged, or improved in the meantime
  - Fixing: rarely legally enforced; instead, monetary awards for damages
- Correctness of s/w difficult to define/enforce legally
- Individual can rarely sue a major s/w vendor
  - Prohibitive costs for individual
Issue 2: Reporting software flaws
- Should we share s/w vulnerability info?
  - Both pros and cons
- Vendor interests
  - Vendors don't want to react to individual flaws
  - Prefer to bundle a number of flaw fixes
- User interests
  - Would like to have fixes quickly
- Responsible vulnerability reporting
  - How to report vulnerability info responsibly?
  - E.g., first notify the vendor, give vendor a few weeks to fix
  - If vendor delays fixes, ask "coordinator" for help
  - Coordinator: e.g., computer emergency response center
Computer Crime
- Separate category for computer crime is needed
  - Because special laws are needed for CC
- Value of integrity and confidentiality/privacy
  - Value of privacy is now recognized by several federal/state laws
- Value of data
  - Courts understand value of data better
- Acceptance of computer terminology
  - Law lags behind technology in acceptance of new terminology
Privacy
- Identity theft: the most serious crime against privacy
- Threats to privacy
  - Aggregation and data mining
  - Poor system security
  - The Internet as privacy threat
    - Unencrypted e-mail / web surfing / attacks
  - Corporate rights and private business
Controls for protecting privacy
- Authentication
- Anonymity
- Pseudonymity
Introduction to Ethics
- Law vs. Ethics
  - Law alone can't restrict human behavior
    - Impractical/impossible to describe/enforce all acceptable behaviors
  - Ethics/morals are sufficient self-controls for most people
Most ethical and legal issues in computer systems concern an individual's right to privacy versus the greater good of a larger entity, i.e. a company or a society. Examples include tracking how employees use computers, crowd surveillance, managing customer profiles, and tracking a person's travel with a passport. A key concept in resolving these issues is to find out what a person's expectation of privacy is.
Classically, the ethical issues in security systems are classified into the following 4 categories:
- Privacy: This deals with the right of an individual to control personal information. It is the protection of personal or sensitive information. Privacy is subjective: different people have different ideas of what privacy is and how much privacy they will trade for safety or convenience.
- Accuracy: This concerns the responsibility for the authenticity, fidelity and accuracy of the information.
- Property: This determines who the owner of the information is and who controls access.
- Accessibility: This deals with the type of information an organization has the right to collect. In that situation, it also expects to know the measures which will safeguard against any unforeseen eventualities.