GEE 002 Module 3 and 4

3.0 || Intended Learning Outcomes (ILOs) and Topics
Intended Learning Outcomes (ILOs)
By the end of the lesson, you will be able to

1. Discuss how to protect the Email, spam, and world wide web;

2. Elaborate the online censorship, freedom of expression, and online protection for children;

3. Determine some of the moral issues and internet addiction; 

4. Discuss the Intellectual Property and how to protect it; and

5. Determine several software copyrights.

Topics
This module covers the following topics:

1. Network Communication

2. Attribute of the Web

3. Censorship

4. Intellectual Property

5. Digital Rights Management

6. Software Copyright

3.1 || Network Communication

Overview
Introduction
Email and spam
Fighting spam
World Wide Web
Ethical perspectives on pornography
Censorship
Freedom of expression
Children and the Web
Breaking trust on the Internet
Internet addiction

Introduction
Networking increases the computer’s utility
In addition to word processing, Excel, etc., you can share printers and extra storage, and exchange data and e-mail.
Internet connects millions of computers
Powerful computational resource
E-mail, surfing www, promoting your company.
Even more powerful communication medium
Network utility grows as the number of users squared
10 users --> 90 sender-receiver combinations
100 users --> 9900 sender-receiver combinations
As the number of people grows
The network may suffer overload
people may act irresponsibly
How Email Works
Email: Messages embedded in files transferred between computers
Email address: Uniquely identifies cyberspace mailbox (two parts: user@domain)
Messages broken into packets
Routers transfer packets from the sender’s mail server to the receiver’s mail server

Figure below shows how email really works.

Image Reference: https://www.oasis-open.org/khelp/kmlm/user_help/html/how_email_works.html

From the user standpoint, email seems so simple. You set the email address of the person to whom
you want to send the email, compose your message and click 'Send'. All done.

In reality, sending your message off into the network cloud is a bit like sending Little Red Riding Hood
into the deep dark woods. You never know what might happen.

Network Cloud - the set of all mail servers and connectors within a company or organization. 

The Spam Epidemic


Spam: Unsolicited, bulk email
Amount of email that is spam has increased
8% in 2001
40% in 2003
75% in 2007
90% in 2009
Spam is effective (a cheap way to advertise: $500 - $2000)
A company hires an internet marketing firm to send thousands of emails
More than 100 times cheaper than “Junk mail”
Profitable even if only 1 in 100,000 buys the product
How firms get email addresses
Opt-in lists
Dictionary attacks (made-up email addresses to ISP that bounce back)
Spammers seek anonymity
Change email and IP addresses to disguise sending machine
Hijack another insecure system as a spam launchpad
Spam blockers
Attempt to screen out spam (spam filters) by blocking suspicious subject lines.
Have led to more picture-based spam

Ethical Evaluations of Spamming

Kantian evaluation (receiving ads via cell phone costs money; people are used as a means to an end: profit)
Act utilitarian evaluation (1 in 100,000 will buy)
Rule utilitarian evaluation (if millions of people were interested in responding to spam, there would be no way to accommodate them; in practice, very few users respond and many others are thinking of dropping their accounts)
Social contract theory evaluation (having the right to free speech doesn’t mean that all will listen; spammers do not identify themselves)

From all these perspectives, it is wrong to send spam.

Fighting Spam: Real-Time Blackhole List

Trend Micro contacts marketers who violate standards for bulk email

–The list is a DB of IP addresses that send spam. Trend Micro sells this DB to organizations.

–Unsecured mail servers that have been hijacked may be regarded as spammers, and they will be blocked even if they are not spammers.
Ethical Evaluations of Publishing Blacklist

Social contract theory evaluation


Senders and receivers do not derive equal benefit from emails.
Utilitarian evaluation
Blacklisting will affect innocent users, receivers, and marketing firms; this will reduce the
benefits of internet utility as a whole.
Kantian evaluation
Innocent users are used as a means to an end (eliminating spam)

Proposed Solutions to Spam Epidemic

Require an explicit opt-in of subscribers


Require labeling of email advertising (all commercial emails must carry ADS in the subject line)
Add a cost to every email that is sent for ads. A micropayment system is proposed
Ban unsolicited email by law (laws prohibiting spam, like those made against junk faxes)

The emergence of “Spim”

“Spim” is an unsolicited, bulk instant message.


Ex: IM that has a link to a porn site.
People combat spim by accepting messages only from friends or buddies

Need for Socio-Technical Solutions

New technologies sometimes cause new social situations to emerge


Calculators → feminization of bookkeeping
Telephones → blurred work/home boundaries
Spam is an example of this phenomenon
Email messages practically free
Profits increase with the number of messages sent
Strong motivation to send more messages
Internet design allows unfair, one-way communications: you might receive an e-mail but you can't
reply

3.1.1 || Attributes of the Web

It is decentralized

–No need for central authority

–BUT it becomes difficult to control the Web

Every Web object has a unique address

–URL.  Every Web page has a unique URL 

It is based on the Internet

–It needs browsers, storage media, SW for retrieving data, ftp, OSs, etc.

How We Use the Web

Shopping
Contributing content (wikis, blogs)

–A wiki is a website that allows the easy creation and editing of any number of interlinked web pages
via a web browser using a simplified markup language. Collaborative site – many authors  

–Blogs are usually maintained by an individual with regular entries of commentary. Personal site (Ex:
online journal)

Promoting business
Learning
Exploring our roots
Entering virtual worlds
Paying taxes
Gambling
Lots more!

Too Much Control or Too Little?


Not everyone in the world has Internet access
Saudi Arabia: centralized control center
People’s Republic of China: ISPs sign “self-discipline” agreement
Germany: Forbids access to neo-Nazi sites
United States: Repeated efforts to limit access of minors to pornography

  – like child pornography

Pornography Is Immoral

Kant

–Loved person an object of sexual appetite

–Sexual desire focuses on the body, not the complete person

–All sexual gratification outside marriage wrong

Utilitarianism

–Pornography reduces the dignity of human life

–Pornography increases crimes such as rape

–Pornography reduces sympathy for rape victims

–Pornography is like pollution

–The pornography industry diverts resources from more socially redeeming activities

Utilitarianism

–Those who produce pornography make money

–Consumers of pornography derive physical pleasure

–Pornography is a harmless outlet for exploring sexual fantasies

Commentary

Performing utilitarian calculus on pornography is difficult


How to quantify harms/benefits, such as harm done to people who find pornography offensive?
How to deal with contradictory “facts” by “experts?”

–Harmless outlet AGAINST more likely to commit rape


3.1.2 || Censorship

Direct Censorship

Government monopolization

–TV and radio stations

Prepublication review

–To monitor government secrets (Nuclear weapons)

Licensing and registration

–To control media with limited bandwidth. (Frequencies)

Self-censorship

The most common form of censorship


Group decides for itself not to publish
Reasons

–Avoid subsequent persecution (CNN in Iraq)

–Maintain good relations with government officials (if they offend the government they lose their official
sources of information)

Rating systems

–Movies, TVs, CDs, video games

–Not the Web (some sites may show a warning and ask the user to agree before entering)

Challenges Posed by the Internet

Many-to-many communication

–It is easy to close a radio station BUT difficult to do so for a Web page (millions can post pages)

Dynamic connections
–Millions of PCs are connected to the internet yearly

Huge numbers of Web sites

–No way to monitor them all.

Extends beyond national borders, laws


Can’t determine the age of users

– an adult Web site cannot confirm the age of a user

Ethical Perspectives on Censorship

Kant opposed censorship

–Enlightenment thinker

–“Have the courage to use your own reason”

Think for yourself


Mill opposed censorship

–No one is infallible

–Any opinion (not the majority opinion) may contain a kernel of truth (a part of the whole truth)

Mill’s Principle of Harm

“The only ground on which intervention is justified is to prevent harm to others; the individual’s own
good is not a sufficient condition.” When an individual’s act harms others the government must
intervene.

Freedom of Expression: History

18th century

–England and the colonies: No prior restraints on publication

–People could be punished for sedition or libel

American states adopted bills of rights including freedom of expression


Freedom of expression in 1st amendment to U.S. Constitution addressed this issue.

Freedom of Expression - Not an Absolute Right


1st Amendment covers political and nonpolitical speech
The right to freedom of expression must be balanced against the public good
Various restrictions on freedom of expression exist

– prohibition of cigarette advertising on TV

Children and the Web: Web Filters

Web filter: software that prevents display of certain Web pages

–May be installed on an individual PC

–ISP may provide service for customers

Methodologies

–Maintain “black list” of objectionable sites

–Before downloading a page, examine content for objectionable words/phrases

Child Internet Protection Acts started to arise
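
The two methodologies listed above (a "black list" of sites, and a scan of page content before display), sketched as an added example that is not part of the original module. The host names, phrases and function names are constructed for illustration.

```python
"""Web filter sketch: block-list lookup plus content scan (constructed example)."""
import html
import re
from urllib.parse import urlsplit

# Constructed sample policy: reserved .example names and made-up phrases.
BLOCKED_HOSTS = {"blocked.example", "ads.partner.example"}
BLOCKED_PHRASES = ["casino bonus", "bet"]

_SCRIPT_OR_STYLE = re.compile(r"<(script|style)\b.*?</\1\s*>", re.I | re.S)
_TAG = re.compile(r"<[^>]*>")


def host_is_blocked(url, blocked_hosts=BLOCKED_HOSTS):
    """Methodology 1: is the URL's host, or a parent domain of it, listed?"""
    if "//" not in url:  # bare "host/path" typed without a scheme
        url = "//" + url
    # urlsplit lower-cases the host and drops any user-info and port.
    host = (urlsplit(url).hostname or "").rstrip(".")
    labels = host.split(".")
    # Compare whole-label suffixes so "notblocked.example" does not match
    # "blocked.example", while "www.blocked.example" does.
    return any(".".join(labels[i:]) in blocked_hosts for i in range(len(labels)))


def visible_text(page_html):
    """Reduce a page to the lower-cased text a reader would actually see."""
    without_code = _SCRIPT_OR_STYLE.sub(" ", page_html)
    text = html.unescape(_TAG.sub(" ", without_code))
    return re.sub(r"\s+", " ", text).strip()  .lower()


def matched_phrases(page_html, phrases=BLOCKED_PHRASES):
    """Methodology 2: which listed words/phrases occur in the visible text?"""
    text = visible_text(page_html)
    # \b keeps a short term such as "bet" from firing inside "alphabet",
    # the classic over-blocking failure of naive substring filters.
    return [p for p in phrases
            if re.search(r"\b" + re.escape(p) + r"\b", text)]


def filter_page(url, page_html):
    """Return (decision, reason); the host check runs before any content scan."""
    if host_is_blocked(url):
        return ("block", "host on block list")
    hits = matched_phrases(page_html)
    if hits:
        return ("block", "content: " + ", ".join(hits))
    return ("allow", "")


if __name__ == "__main__":
    samples = [  # constructed requests
        ("http://www.blocked.example/index.html", "<p>hello</p>"),
        ("http://notblocked.example/", "<p>Learn the alphabet</p>"),
        ("http://ok.example/", "<h1>Casino</h1> <b>Bonus</b> inside"),
    ]
    for url, body in samples:
        print(url, "->", filter_page(url, body))
```

Both checks over-block and under-block in practice: a list lags behind new sites, and a word scan cannot see text rendered inside images.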

Breaking trust on the Internet: Identity Theft

Identity theft: when a person uses another person’s electronic identity


More than 1 million Americans were victims of identity theft in 2008 due to their online activities
Phishing: use of email or Web pages to attempt to deceive people into revealing personal
information

Chat Room Predators

Chat room: supports real-time discussions among many people connected to the network
Instant messaging (IM) and chat rooms (which are similar to IM) are replacing the telephone for many
people
Some pedophiles meeting children through chat rooms
Police countering with “sting” operations
Policemen enter chat rooms to lure pedophiles.

False Information

Quality of Web-based information varies widely

–Moon landings
–Holocaust

Google attempts to reward quality

–Keeps a DB of 8 million web pages.

–Ranking of Web pages uses a “voting” algorithm

–If many links point to a page, Google search engine ranks that page higher

Is Internet Addiction Real?

Some liken compulsive computer use to pathological gambling


Traditional definition of addiction:

–Compulsive use of harmful substance or drug

–Knowledge of its long-term harm (misuse)

Kimberly Young created test for Internet addiction

– (8 questions on gambling on the Net)

–(5 “yes” ------- means addiction)

Her test is controversial

Contributing Factors to Computer Addiction

Social factors

–Peer groups

Situational factors

–Stress

–Lack of social support and intimacy

–Limited opportunities for productive activity

Individual factors

–Tendency to pursue activities to excess

–Lack of achievement

–Fear of failure

–Feeling of alienation
3.2 || Intellectual Property

Overview
Introduction
Intellectual property rights
Protecting intellectual property
Fair use
Peer-to-peer networks
Protections for software
Open-source software
The legitimacy of intellectual property protection for software

Introduction
Digital music storage + Internet ⇒ crisis
Value of intellectual properties much greater than the value of media
Creating the first copy is costly
Duplicates cost almost nothing
Illegal copying pervasive
The Internet allows copies to spread quickly and widely
In light of information technology, how should we treat intellectual property?

What Is Intellectual Property?

Intellectual property: any unique product of the human intellect that has commercial value

–Books, songs, movies

–Paintings, drawings

–Inventions, chemical formulas, computer programs


Intellectual property (idea) ≠ physical manifestation (paper)

Image below shows the different categories of Intellectual Property.

Image Reference: "Managing your Intellectual Property as a Business Asset in China", Your IP Insider (http://www.youripinsider.eu/managing-intellectual-property-business-asset-china/)

Property Rights

Locke: The Second Treatise of Government


People have a right…

–to property in their own person

–to their own labor

–to things which they remove from Nature through their labor (ex: cutting wood-logs-, gaining a land)

As long as…

–no person claims more property than he or she can use

–after someone removes something from the common state, there is plenty left over

Analogy Is Imperfect

If two people write the same play, both cannot own it: every intellectual property is one-of-a-kind
If one person “takes” another’s play, both have it: copying an intellectual property is different
from stealing a physical object

Benefits of Intellectual Property Protection

Some people are altruistic; some are not

–People can benefit from having ownership of their ideas, and thus can improve the quality of life for
others

The allure of wealth can be an incentive for speculative work.

–Giving creators rights to their inventions stimulates creativity


Limits to Intellectual Property Protection

Society benefits most when inventions are in the public domain


Congress has struck a compromise by giving authors and inventors rights for a limited time.

–Authors of the U.S. Constitution recognized the benefits of limited intellectual property protection.
(Ex: exclusive rights for novels for a limited period of time)

Protecting Intellectual Property

Trade secrets
Trademarks and service marks
Patents
Copyrights

Trade Secret

Confidential piece of intellectual property that gives the company a competitive advantage
Employees are asked to sign a confidentiality agreement
Examples:

–Formulas, customers’ lists, strategic plans, proprietary design

Never expires
Not appropriate for all intellectual properties (e.g., movies, which must be viewed and cannot be kept
secret)
Reverse engineering allowed (buying a can of Coca-Cola and trying to figure out its formula is
legal)
May be compromised when employees leave the firm.

Trademark and Service Mark

Trademark: Identifies goods

–given by a government to a distinctive product

–By word, symbol, picture, color, smell, sound

Service mark: Identifies services


The company can establish a “brand name”
Does not expire
If a brand name becomes a common noun, the trademark may be lost (Aspirin)
Companies advertise to protect their trademarks, using them as adjectives, not as verbs or nouns.
Companies also protect trademarks by contacting those who misuse them (Photoshop must not
be used as a verb or noun)

Patent

A public (not secret) document that provides a detailed description of the invention
Provides owner with the exclusive right to the invention
The owner can prevent others from making, using, or selling the invention for 20 years
After that, anyone can make use of the idea
Example: Polaroid vs Kodak- instant photography

Copyright

Provides owner of an original work five rights

–Reproduction

–Distribution (copies of the work to public)

–Public display (copies of the work in public)

–Public performance

–Production of derivative works

Copyright-related industries represent 5% of U.S. gross domestic product (> $500 billion/yr)
Examples: movie, music, SW, book industry.
Copyright protection has expanded greatly since 1790

Fair Use Concept

Sometimes legal to reproduce a copyrighted work without permission

–Citing short excerpts for teaching, research, criticism, commentary, news reporting

Courts consider four factors

–Purpose and character of the use

(Educational is permissible, not commercial)

–Nature of work

Fiction vs nonfiction (facts) and published preferred over non-published

–Amount of work being copied


Brief excerpts, not the entire work

–Effect on market for work

Use of out-of-print works is permissible

3.2.1 || Digital Rights Management

Digital Recording Technology

Copying from vinyl records to cassette tapes introduced hiss and distortions (bad quality)
Introduction of the compact disc (CD) a boon for the music industry

–Cheaper to produce than vinyl records

–Higher quality

–A higher price (companies charge more) ⇒ higher profits

BUT it’s possible to make a perfect copy of a CD

Digital Rights Management

Actions owners of digital intellectual property take to protect their rights


Approaches

–Encrypt digital content

–Digital marking so devices can recognize the content as copy-protected

Criticisms of Digital Rights Management

Any technological “fix” is bound to fail


DRM undermines fair use (no private copy)
DRM could reduce competition (never expire)
Some schemes make anonymous access impossible
Media Player tracks the content that users view

Peer-to-Peer Networks

Peer-to-peer network

–Transient network
–Connects computers running same networking program

–Computers can access files stored on each other’s hard drives

How P2P networks facilitate data exchange

–Give each user access to data stored in many other computers

–Support simultaneous file transfers among arbitrary pairs of computers

–Allow users to identify systems with faster file exchange speeds

Ex: (PCs that have faster transfer rate because they have ADSL speed)

Napster

The peer-to-peer music exchange network


Began operation in 1999
Sued by RIAA (Recording Industry Association of America) for copyright violations
Courts ruled in favor of RIAA
Went off-line in July 2001
Re-emerged in 2003 as a subscription music service

BitTorrent

Broadband connections: download much faster than upload


BitTorrent speeds downloading

–Files broken into pieces

–Different pieces downloaded from different computers

Used for downloading large files

–Computer programs

–Television shows

–Movies

Universities Caught in Middle

Universities hotbed for file sharing

–High-speed Internet access


–High-capacity file servers

In 2003 RIAA sued four students (for distributing copyrighted music) for about $100 billion (settled
for $50,000)
Different university responses

–Taking PCs of students

–Banning file-sharing

–Signing agreements with legal file-sharing services like Napster (for fees)

Legal Music Services on the Internet

Subscription services for legal downloading (like Napster)


Some based on monthly fee; some free
Consumers pay for each download
Apple’s iTunes Music Store leading service (just pay 99 cents per song)

3.2.2 || Software Copyright

Protections for Software – Software Copyrights

Copyright protection began in 1964


What gets copyrighted?

–Expression of idea, not idea itself

Ex: Implementation of RDBMS NOT the concept of it (App. Not Idea of DB)

–Object program (.exe), not source program

Because source codes are secrets


Companies deliver .exe
Companies treat source code as a trade secret

Violations of Software Copyrights

Copying a program to give or sell to someone else


Preloading a program onto the hard disk of a computer being sold
Distributing a program over the Internet

Safe Software Development

Reverse engineering okay


Companies must protect against unconscious copying

–Producing a duplicate of a program because programmers move from one firm to another

Solution: “clean room” software development strategy

–Team 1 analyzes the competitor’s program and writes specifications.

–Team 2 uses the specifications to develop software

Open-Source Software: Consequences of Proprietary Software


Increasingly harsh measures being taken to enforce copyrights (infringe our liberties)

–This act was created in an era when it was difficult to make copies. This is not the case now.

Copyrights are not serving their purpose of promoting progress.

–They make authors wealthy

It is wrong to allow someone to “own” a piece of intellectual property

–Cooperation is more important than copyright

Open Source Definition

Licenses have the following characteristics:

No restrictions preventing others from selling or giving away software


Source code included in the distribution
No restrictions preventing others from modifying source code
No restrictions regarding how people can use the software. They can exchange or sell.
The same rights apply to everyone receiving redistributions of the software (copyleft)
NOTE: Nothing states that Open Source SW must be given FREE.

Beneficial Consequences of Open-Source Software

Gives everyone opportunity to improve program


New versions of programs appear more frequently
Eliminates tension between obeying law and helping others
Programs belong to entire community
Shifts focus from manufacturing to service

–Buying Open Source SW with easy installation steps

–Providing great manuals

–Providing support after-sales

Examples of Open-Source Software

BIND – provides DNS for the entire Internet


Apache – runs half of the Web servers
Sendmail – moving e-mail via the internet
Perl, Python, Ruby, TCL/TK, PHP, Zope
GNU (General Public License) compilers for C, C++, Objective-C, Fortran, Java, and Ada
Impact of Open-Source Software

Linux putting pressure on companies selling proprietary versions of Unix


Linux putting pressure on Microsoft and Apple desktops
The cost for these OSs goes down

Critique of the Open-Source Software Movement

Without attracting a critical mass of developers, open-source SW quality can be poor


Without an “owner,” incompatible versions may arise

– Independent groups of users make enhancements, so many versions will appear – no compatibility

Relatively weak graphical user interface


Poor mechanism for stimulating innovation

– No companies will spend billions on new programs

The legitimacy of Intellectual Property Protection for Software

Software licenses typically prevent you from making copies of the software to sell or give away
Software licenses are legal agreements
Here we are not discussing the morality of breaking the law
We are discussing whether society should give intellectual property protection to software

–utilitarian analysis

Utilitarian Analysis

Argument against copying

–Copying software reduces software purchases…

–Leading to less income for software makers…

–Leading to lower production of new software…

–Leading to fewer benefits to society

Each of these claims can be debated

–Not all who get free copies can afford to buy software
–The open-source movement demonstrates many people are willing to donate their software-writing
skills

–The hardware industry wants to stimulate the software industry

–Difficult to quantify how much society would be harmed if certain software packages were not released

It is not a matter of how much SW there is, but what it can be used for

Summary: Network Communication and Intellectual Property

Networking increases the computer’s utility. The Internet connects millions of computers, and network
utility grows as the number of users squared. As the number of people grows, the network may suffer overload and
people may act irresponsibly.

Email: Messages embedded in files transferred between computers

Email address: Uniquely identifies cyberspace mailbox

Spam: Unsolicited, bulk email. Spammers seek anonymity; spam blockers attempt to screen out spam.

Ethical Evaluations of Spamming


Kantian evaluation
Act utilitarian evaluation
Rule utilitarian evaluation
Social contract theory evaluation

Proposed Solutions to Spam Epidemic


Require an explicit opt-in of subscribers
Require labeling of email advertising (all commercial emails must carry ADS in the subject
line)
Add a cost to every email that is sent for ads. A micropayment system is proposed
Ban unsolicited email by law (laws prohibiting spam, like those made against junk faxes)

“Spim” is an unsolicited, bulk instant message.


Attributes of the Web
It is decentralized
Every Web object has a unique address
It is based on the Internet

How We Use the Web


Shopping
Contributing content (wikis, blogs)
Promoting business
Learning
Exploring our roots
Entering virtual worlds
Paying taxes
Gambling
Lots more!

Direct Censorship
Government monopolization
Prepublication review
Licensing and registration

Self-censorship
The most common form of censorship
Group decides for itself not to publish

Challenges Posed by the Internet


Many-to-many communication
Dynamic connections
Huge numbers of Web sites
Extends beyond national borders, laws
Can’t determine the age of users

Ethical Perspectives on Censorship


Kant opposed censorship
Mill opposed censorship
Freedom of Expression: History

American states adopted bills of rights including freedom of expression

Freedom of expression in the 1st amendment to the U.S. Constitution addressed this issue.
Children and the Web: Web Filters

Web filter: software that prevents the display of certain Web pages

Chat Room Predators


Chat room: supports real-time discussions among many people connected to the network

False Information
Quality of Web-based information varies widely

Internet Addiction

Some liken compulsive computer use to pathological gambling


Contributing Factors to Computer Addiction
Social factors
Situational factors
Individual factors

Intellectual property: any unique product of the human intellect that has commercial value
Books, songs, movies
Paintings, drawings
Inventions, chemical formulas, computer programs

Benefits of Intellectual Property Protection


Some people are altruistic; some are not
The allure of wealth can be an incentive for speculative work.

Limits to Intellectual Property Protection

Society benefits most when inventions are in the public domain

Congress has struck a compromise by giving authors and inventors rights for a limited time
Protecting Intellectual Property

Trade secrets

Trademarks and service marks

Patents

Copyrights

Trade Secret

Confidential piece of intellectual property that gives the company a competitive advantage

Trademark

Trademark: Identifies goods

Service Mark

Servicemark: Identifies services

Patent

A public (not secret) document that provides a detailed description of the invention

Copyright
Provides owner of an original work five rights
Reproduction
Distribution (copies of the work to the public)
Public display (copies of the work in public)
Public performance
Production of derivative works

Fair Use Concept


Sometimes legal to reproduce a copyrighted work without permission

Digital Recording Technology


Copying from vinyl records to cassette tapes introduced hiss and distortions (bad quality)
Introduction of the compact disc (CD) a boon for the music industry

Digital Rights Management


Actions owners of digital intellectual property take to protect their rights
Criticisms of Digital Rights Management
Any technological “fix” is bound to fail
DRM undermines fair use (no private copy)
DRM could reduce competition (never expire)
Some schemes make anonymous access impossible

Peer-to-Peer Networks
How P2P networks facilitate data exchange

Napster
Peer-to-peer music exchange network

BitTorrent
Broadband connections: download much faster than upload

Universities Caught in Middle


Universities hotbed for file sharing
In 2003 RIAA sued four students (for distributing copyrighted music) for about $100 billion
(settled for $50,000)

Legal Music Services on the Internet


Subscription services for legal downloading (like Napster)
Some based on monthly fee; some free

Consumers pay for each download

Software Copyrights
Copyright protection began in 1964
Companies treat source code as a trade secret

Violations of Software Copyrights


Copying
Preloading
Distributing
Open Source Definition
No restrictions preventing others from selling or giving away software
Source code included in the distribution
No restrictions preventing others from modifying source code
No restrictions regarding how people can use the software. They can exchange or sell.

Beneficial Consequences of Open-Source Software


Gives everyone the opportunity to improve program
New versions of programs appear more frequently
Eliminates tension between obeying the law and helping others
Programs belong to the entire community
Shifts focus from manufacturing to service

Examples of Open-Source Software


BIND – provides DNS for the entire Internet
Apache – runs half of the Web servers
Sendmail – moving e-mail via the internet
Perl, Python, Ruby, TCL/TK, PHP, Zope

GNU (General Public License) compilers for C, C++, Objective-C, Fortran, Java, and Ada

Impact of Open-Source Software


Linux putting pressure on companies selling proprietary versions of Unix
Linux putting pressure on Microsoft and Apple desktops
The cost for these OSs goes down

The legitimacy of Intellectual Property Protection for Software


Software licenses typically prevent you from making copies of the software to sell or give
away
Software licenses are legal agreements
Here we are not discussing the morality of breaking the law
We are discussing whether society should give intellectual property protection to software

utilitarian analysis

NOTE: After studying the lessons, collaborate with your groupmates and perform your Assignment No. 3.

4.0 || Intended Learning Outcomes (ILOs) and Topics
Intended Learning Outcomes (ILOs)
By the end of the lesson, you will be able to

1. Know about data privacy and why it is important;

2. Know your rights as a data subject;

3. Discuss some privacy issues related to the introduction of information technology;

4. Discuss some threats to computer and network security;

5. Understand some important defensive measures in protecting computers from malware; and

6. Explore how cyber attacks have been used as a means to achieve criminal ends.
 

Topics
This module covers the following topics:

1. Information Privacy (Data Privacy)

Know Your Right

2. Computer and Network Security

Hackers (Past and Present)


Malware

3. Cyber Crime and Cyber Attacks

4.1 || Information Privacy (Data Privacy)

Information Privacy

What is Data Privacy?


The right of an individual not to have private information about himself disclosed, and to live freely
from surveillance and intrusion.

-https://www.privacy.gov.ph/

Why is Data Privacy Important?


When data that should be kept private gets in the wrong hands, bad things can happen.

A data breach at a government agency can, for example, put top-secret information in the hands
of an enemy state.
A breach at a corporation can put proprietary data in the hands of a competitor.
A breach at a school could put students’ Personal Identifiable Information (PII) in the hands of
criminals who could commit identity theft.
A breach at a hospital or doctor’s office can put Personal Health Information (PHI) in the hands of
those who might misuse it.

REPUBLIC ACT 10173


DATA PRIVACY ACT OF 2012 (DPA)
“An act protecting individual personal information in information and communications systems in the
government and the private sector, creating for this purpose a National Privacy Commission, and for
other purposes”

Who must comply?


Companies with 250 employees or 1000 data subjects.
The law applies to the processing of all types of personal information and to any natural and
juridical persons involved in personal information processing.

-Page 24 of the Data Privacy and Cybercrime Prevention in the Philippine Digital Age

What is a Data Subject?

Data subject refers to an individual whose personal information is processed.

It is the customer whom we service.

What to protect?
Offline Identity - Identification cards we use on a day-to-day basis to authenticate identity in the
physical world.

Online identity is a social identity that an internet user establishes in online communities and
websites.

Personal Identifiable Information


Personal Identifiable Information refers to any information whether recorded in a material form or not,
from which the identity of an individual is apparent or can be reasonably and directly ascertained by
the entity holding the information, or when put together with other information would directly and
certainly identify an individual.

-Page 15 of the Data Privacy and Cybercrime Prevention in the Philippine Digital Age

Personal Information 
Some personal information that is protected:

1. Full Name
2. Present Address
3. Permanent Address
4. Home Number
5. Cellphone Number
6. Email Address
7. Mother’s Maiden Name
8. Job Position

Sensitive Personal Information
Sensitive personal information refers to personal information:

(1) About an individual’s race, ethnic origin, marital status, age, color, and religious, philosophical or
political affiliations;

(2) About an individual’s health, education, genetic or sexual life of a person, or to any proceeding for
any offense committed or alleged to have been committed by such person, the disposal of such
proceedings, or the sentence of any court in such proceedings;

Who Controls the data?


1. Personal Information Controller (PIC) - refers to a person or organization who controls the
collection, holding, processing or use of personal information, including a person or organization
who instructs another person or organization to collect, hold, process, use, transfer or disclose
personal information on his or her behalf.
2. Personal Information Processor (PIP) - refers to any natural or juridical person or any other body
to whom a PIC may outsource or instruct the processing of personal data pertaining to a data
subject.

What is Consent?
Consent means giving data subjects genuine choice and control over how a Personal Information
Controller (PIC) uses their data. Data subjects may be able to refuse consent and may be able to
withdraw consent easily at any time.

To understand more, please watch these videos:

The video presentation "Know Your Data Privacy Rights!" by the National Privacy Commission discusses
data privacy rights.

Likewise, the video presentation "Data Protection - Link below to our UPDATED video with GD…"
discusses data protection.

4.1.1 || Know Your Rights

Know your Rights

The right to be informed


Under R.A. 10173, your personal data is treated almost literally in the same way as your own
personal property. Thus, it should never be collected, processed, and stored by any organization
without your explicit consent, unless otherwise provided by law. Information controllers usually solicit
your consent through a consent form. Aside from protecting you against unfair means of personal
data collection, this right also requires personal information controllers (PICs) to notify you if your
data have been compromised, in a timely manner.

As a data subject, you have the right to be informed that your personal data will be, are being, or
were, collected and processed.

The Right to be Informed is the most basic right as it empowers you as a data subject to consider
other actions to protect your data privacy and assert your other privacy rights.

The right to access


This is your right to find out whether an organization holds any personal data about you and if so,
gain “reasonable access” to them. Through this right, you may also ask them to provide you with a
written description of the kind of information they have about you as well as their purpose/s for
holding them.

Under the Data Privacy Act of 2012, you have a right to obtain from an organization a copy of any
information relating to you that they have on their computer database and/or manual filing system. It
should be provided in an easy-to-access format, accompanied with a full explanation executed in
plain language.

You may demand to access the following:

The contents of your personal data that were processed.
The sources from which they were obtained.
Names and addresses of the recipients of your data.
Manner by which they were processed.
Reasons for disclosure to recipients, if there were any.
Information on automated systems where your data is or may be available, and how it may affect
you.
Date when your data was last accessed and modified.
The identity and address of the personal information controller.

The right to rectify


You have the right to dispute and have corrected any inaccuracy or error in the data a personal
information controller (PIC) holds about you. The PIC should act on it immediately and accordingly
unless the request is vexatious or unreasonable. Once corrected, the PIC should ensure your
access and receipt of both new and retracted information. PICs should also furnish third parties with
said information, should you request it.

The right to damages


You may claim compensation if you suffered damages due to inaccurate, incomplete, outdated, false,
unlawfully obtained, or unauthorized use of personal data, considering any violation of your rights
and freedoms as the data subject.

The right to file a complaint with the National Privacy Commission

If you feel that your personal information has been misused, maliciously disclosed, or improperly
disposed, or that any of your data privacy rights have been violated, you have a right to file a
complaint with the NPC.

For more information, you may visit this site: https://www.privacy.gov.ph/know-your-rights/

NOTE: Before proceeding to the next lesson, kindly click here
(https://tip.instructure.com/courses/23291/assignments/625439) for the assignment about Information
Privacy (Data Privacy): Sharing of Information.

 
4.2 || Computer and Network Security

Introduction
Do you ever go to a coffee shop and use its open wireless network to surf the Web? Did you know
freely available software gives any nearby computer user the ability to break into the accounts of
people accessing Web sites through password-free wireless networks?


In the movie Live Free or Die Hard, a terrorist organization hacks into a variety of computer and
communication systems to seize control of traffic lights, natural gas pipelines, and electrical power
grids. Are such episodes purely the stuff of Hollywood fiction, or could they really happen? Millions of
people use computers and the Internet to send and receive email, access bank accounts,
purchase goods and services, and keep track of personal information, making the security of these
systems an important issue. Malicious software can enter computers in a variety of ways. Once
active, these programs can steal personal information, destroy files, disrupt industrial processes, and
launch attacks on financial systems, supporting criminal enterprises and politically motivated attacks
on corporations and governments around the world. 

This lesson focuses on threats to computer and network security. We begin our survey with
examples of individuals using cunning or skill to gain unauthorized access into computer systems.

4.2.1 || Hackers (Past and Present)

Hackers in the Past

In its original meaning, a hacker was an explorer, a risk-taker, someone who was trying to make a
system do something it had never done before.

Hackers in this sense of the word abounded at MIT’s Tech Model Railroad Club in the 1950s and
1960s. The club constructed and continuously improved an enormous HO-scale model train
layout. Members of the Signals and Power Subcommittee built an elaborate electronic switching
system to control the movement of the trains.

To them, a “hack” was a newly constructed piece of equipment that not only served a useful purpose
but also demonstrated its creator’s technical virtuosity.

Calling someone a hacker was a sign of respect; hackers wore the label with pride.

In 1959, after taking a newly created course in computer programming, some of the hackers shifted
their attention from model trains to electronic computers.

The term “hacker” came to mean a “person who delights in having an intimate understanding of the
internal workings of a system, computers and networks in particular”.

In the 1983 movie WarGames, a teenager breaks into a military computer and nearly causes a
nuclear Armageddon. After seeing the movie, a lot of teenagers were excited at the thought that they
could prowl cyberspace with a home computer and a modem. A few of them became highly proficient
at breaking into government and corporate computer networks. These actions helped change the
everyday meaning of the word “hacker.”

Hackers Today

Today hackers are people who gain unauthorized access to computers and computer networks.

Typically, you need a login name and password to access a computer system. Sometimes a hacker
can guess a valid login name/password combination, particularly when system administrators allow
users to choose short passwords or passwords that appear in a dictionary.
Three other low-tech techniques for obtaining login names and passwords are
eavesdropping, dumpster diving, and social engineering.

1. Eavesdropping, such as simply looking over the shoulder of a legitimate computer user to learn
his login name and password.
2. Dumpster diving means looking through garbage for interesting bits of information. Companies
typically do not put a fence around their dumpsters. In midnight rummaging sessions, hackers
have found user manuals, phone numbers, login names, and passwords.
3. Social engineering refers to the manipulation of a person inside the organization to gain access
to confidential information. Social engineering is easier in large organizations where people do
not know each other very well. For example, a hacker may identify a system administrator and
call that person, pretending to be the supervisor of his supervisor and demanding to know why he
can’t access a particular machine. In this situation, a cowed system administrator, eager to please
his boss’s boss, may be talked into revealing or resetting a password.
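
The guessing risk described above (short passwords, passwords that appear in a dictionary) is normally closed when a password is chosen. The check below is an added example, not part of the original module; the word list, the 12-character minimum and the function names are assumptions made for illustration.

```python
import re

# Constructed mini word list; a real deployment would load a large list of
# dictionary words and commonly used passwords.
COMMON_WORDS = {"password", "welcome", "dragon", "sunshine", "qwerty", "letmein"}

MIN_LENGTH = 12  # assumed policy value; the module only says "short" passwords are risky

# Common character substitutions that do not make a dictionary word harder to guess.
LEET = str.maketrans({"0": "o", "1": "l", "3": "e", "4": "a", "5": "s",
                      "7": "t", "@": "a", "$": "s", "!": "i"})

# Digits and symbols stuck on the front or back of a word ("dragon2024!").
EDGE = re.compile(r"^[^a-z]+|[^a-z]+$")


def base_words(password):
    """Return the plain words a password reduces to once decoration is removed."""
    lowered = password.lower()
    stripped_first = EDGE.sub("", lowered).translate(LEET)
    translated_first = EDGE.sub("", lowered.translate(LEET))
    return {stripped_first, translated_first}


def check_password(password):
    """Return the reasons to reject a password; an empty list means accepted."""
    problems = []
    if len(password) < MIN_LENGTH:
        problems.append("too short")
    if base_words(password) & COMMON_WORDS:
        problems.append("dictionary word")
    return problems


if __name__ == "__main__":
    for candidate in ["dragon", "P@ssw0rd2024!", "sunshin3", "quiet-river-lamp-forty"]:
        print(f"{candidate!r:28} -> {check_password(candidate) or 'accepted'}")
```

Note that "P@ssw0rd2024!" passes the length rule and still fails, because it is a dictionary word with predictable decoration.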

Penalties for Hacking


PHILIPPINES REPUBLIC ACT NO.8792

AN ACT PROVIDING FOR THE RECOGNITION AND USE OF ELECTRONIC COMMERCIAL AND
NON-COMMERCIAL TRANSACTIONS, PENALTIES FOR UNLAWFUL USE THEREOF, AND
OTHER PURPOSES

Sec. 33. Penalties. - The following Acts shall be penalized by fine and/or imprisonment, as follows:

a) Hacking or cracking which refers to unauthorized access into or interference in a computer
system/server or information and communication system; or any access in order to corrupt, alter,
steal or destroy using a computer or other similar information and communication devices, without
the knowledge and consent of the owner of the computer or information and communications system,
including the introduction of computer viruses and the like, resulting in the corruption, destruction,
alteration, theft or loss of electronic data messages or electronic document shall be punished by a
minimum fine of one hundred thousand pesos (P100,000.00) and a maximum commensurate to the
damage incurred and a mandatory imprisonment of six (6) months to three (3) years.

4.2.2 || Malware

Malware

Malware, or malicious software, is any program or file that is harmful to a computer user.

If you are lucky, these programs will do nothing other than consume a little CPU time and some disk
space. If you are not so lucky, they may destroy valuable data stored in your computer’s file system.
An invading program may even allow outsiders to seize control of your computer. Once this happens,
they may use your computer as a depository for stolen credit card information, a Web server dishing
out pornographic images, or a launch pad for spam or a denial-of-service attack on a corporate or
government server.

Types of malware can include


1. computer viruses,
2. worms,
3. Trojan horses and
4. spyware.

Video: Malware: Difference Between Computer Viruses, Worms an…

Viruses
A virus is a piece of self-replicating code embedded within another program called the host.

One way a computer virus can replicate:

(a) A computer user executes program P, which is infected with a virus.

(b) The virus code begins to execute. It finds another executable program Q and creates a new
version of Q infected with the virus.

(c) The virus passes control to program P. The user, who expected program P to execute, suspects
nothing.

Because a virus is attached to a host program, you may find viruses anywhere you can find program
files: hard disks, thumb drives, CD-ROMs, email attachments, and so on. Viruses can be spread from
machine to machine via thumb drives or CDs. They may also be passed when a person downloads a file
from the Internet. Sometimes viruses are attached to free computer games that people download and
install on their computers.

How an Email Virus Spreads


1. A computer user reads an email with an attachment

2. The user opens the attachment, which contains a virus

3. The virus reads the user’s email address book

4. The virus sends emails with virus-containing attachments

To protect our computer system, we can install antivirus software. Commercial antivirus software
packages allow computer users to detect and destroy viruses lurking on their computers. To be most
effective, users must keep them up-to-date by downloading patterns corresponding to the latest
viruses from the vendor’s Web site.
Internet Worm
A worm is a self-contained program that spreads through a computer network by exploiting security
holes in the computers connected to the network.

The technical term “worm” comes from The Shockwave Rider, a 1975 science fiction novel written by
John Brunner.

Video: The World's First Cyber Crime: The Morris Worm [KERNEL …


The most famous worm of all time was also the first one to get the attention of the mainstream
media, which is why it is popularly known as the Internet worm, even though many other worms have
been created that propagate through the Internet. The primary source for this narrative is the
excellent biography of Robert Morris in Cyberpunk: Outlaws and Hackers on the Computer Frontier,
written by Katie Hafner and John Markoff.

Sasser
The Sasser worm, launched in April 2004, exploited a previously identified security weakness with
PCs running the Windows operating system.

Computers with up-to-date software were safe from the worm, but it infected about 18 million
computers worldwide nonetheless.

The effects of the worm were non-threatening; infected computers simply shut themselves down
shortly after booting.

Still, the worm made millions of computers unusable and disrupted operations at Delta Airlines, the
European Commission, Australian railroads, and the British coast guard.

Instant Messaging Worms


Two early worms to strike instant messaging systems were Choke and Hello, which
appeared in 2001.

Worms were less devastating back then because only about 141 million people used instant
messaging. Today more than 800 million people rely on instant messaging, so the impact of worms
can be much greater.

The appearance of the Kelvir worm in 2005 forced the Reuters news agency to remove 60,000
subscribers from its Microsoft-based instant messaging service for 20 hours.

In 2010 a variant of the Palevo instant messaging worm rapidly spread through Romania, Mongolia,
and Indonesia.

Conficker
The Conficker (or Downadup) worm, which appeared on Windows computers in November 2008, is
notable because computer security experts have found it particularly difficult to remove.

The worm is able to spread in several ways.


1. The original variant of the worm spread to computers that were not up-to-date with the latest
security patches from Microsoft.

2. The second version of the worm, which appeared about a month later, had two new features that
accelerated its spread: the ability to invade computers with weak password protection and the ability
to propagate through USB memory sticks and shared files on local area networks.

Early in 2009, between 8 and 15 million computers were infected with Conficker, including portions of
military networks in France, the United Kingdom, and Germany.

According to Rodney Joffe of the Conficker Working Group, “It’s using the best current practices and
state of the art to communicate and to protect itself”. Even though millions of copies of this worm are
circulating, it does not appear to have done great harm. Security experts remain baffled as to the
goals of those who created it.

Cross-site scripting
Cross-site scripting is another way in which malware may be downloaded without a user’s
knowledge. Web sites that allow users to read what other users have posted are vulnerable to this
security problem. The attacker injects a client-side script into a Web site. When an innocent user
visits the site sometime later, the user’s browser executes the script, which may steal cookies,
track the user’s activity, or perform another malicious action.
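
The usual defense is to escape user-supplied text at the moment the page is built, so the browser displays it instead of running it. The sketch below is an added example, not part of the original module; the posts, the function names and the small parser that stands in for a browser are constructed for illustration.

```python
import html
from html.parser import HTMLParser

# Constructed sample posts. The second one stands in for a post that carries
# a client-side script; the third is ordinary text that happens to use < & >.
POSTS = [
    ("maria", "Great lesson on data privacy!"),
    ("guest", "<script>document.title = 'changed by a post'</script>"),
    ("juan", 'Is 5 < 7 & 7 > 5? "Yes"'),
]


def render_unsafe(posts):
    # WEAK: user text goes into the page as-is, so markup inside a post
    # becomes part of the page the next visitor's browser parses.
    items = "".join(f"<li><b>{user}</b>: {text}</li>" for user, text in posts)
    return f"<ul>{items}</ul>"


def render_escaped(posts):
    # HARDENED: html.escape turns < > & " ' into character references, so a
    # post can only ever be displayed as text.
    items = "".join(
        f"<li><b>{html.escape(user)}</b>: {html.escape(text)}</li>"
        for user, text in posts
    )
    return f"<ul>{items}</ul>"


class PageInspector(HTMLParser):
    """Records the tags and the visible text a browser-style parser finds."""

    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.tags = []
        self.text = []

    def handle_starttag(self, tag, attrs):
        self.tags.append(tag)

    def handle_data(self, data):
        self.text.append(data)


def inspect_page(page):
    inspector = PageInspector()
    inspector.feed(page)
    inspector.close()
    return inspector.tags, "".join(inspector.text)


if __name__ == "__main__":
    for name, render in [("unsafe", render_unsafe), ("escaped", render_escaped)]:
        tags, _ = inspect_page(render(POSTS))
        print(f"{name:8} script elements seen by the parser: {tags.count('script')}")
```

With escaping, the reader still sees exactly what the guest typed, but the page contains no script element.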

Video: XSS - Cross-Site Scripting Explained


Drive-By Downloads
Many malware creators have hacked into legitimate Web sites and installed software booby traps. In
some cases, simply visiting a compromised Web site can result in the unintentional downloading of
software, called a drive-by download.

A drive-by download refers to the unintentional download of malicious code to your computer or
mobile device that leaves you open to a cyberattack. You don't have to click on anything, press
download, or open a malicious email attachment to become infected. A drive-by download can take
advantage of an app, operating system, or web browser that contains security flaws due to
unsuccessful updates or lack of updates. Unlike many other types of cyberattack, a drive-by doesn't
rely on the user to do anything to actively enable the attack.

One example of drive-by download is when a Web surfer encounters a pop-up window asking
permission to download software. The user approves the download, thinking the code is necessary to
view the content on the Web site, but in actuality the download contains malware.

The drive-by download problem is growing. The Google Anti-Malware Team has discovered more
than three million URLs that initiate drive-by downloads. That may not seem like so many URLs,
given the size of the Web, but hackers target the most popular Web sites. As a result, about 1.3
percent of queries to Google’s search engine result in a malicious URL appearing somewhere in the
results page.

Trojan Horse
A Trojan horse, or trojan, is any malware which misleads users of its true intent.

When the user executes a Trojan horse, the program performs the expected beneficial task.
However, the program is also performing actions unknown to, and not in the best interests of, the
user.

For example, a user may be deceived into executing an email attachment disguised to appear
unsuspicious (e.g., a routine form to be filled in), or into clicking on a fake advertisement on
social media or anywhere else.

Trojans may allow an attacker to access users' personal information such as banking information,
passwords, or personal identity. They can also delete a user's files or infect other devices connected to
the network.

The term is derived from the Ancient Greek story of the deceptive Trojan Horse that led to the fall of
the city of Troy.

One example of a Trojan horse is Mocmex. It was first uncovered in 2008 in digital picture frames
manufactured in China. It spread from digital picture frames to computer hard drives and other
portable storage devices people attached to their PCs. The purpose of the Trojan horse appeared to
be to steal passwords to online computer games.

A backdoor Trojan is a Trojan horse that gives the attacker access to the victim’s computer.

For example, a backdoor Trojan may purport to cleanse malware from a computer, but in actuality it
installs spyware.

Rootkit
A rootkit is malicious software that allows an unauthorized user to have privileged access to a
computer and to restricted areas of its software.

Once installed, a rootkit is activated every time the computer is booted.

Rootkits are difficult to detect because they start running before the operating system has completed
booting up, and they can use security privileges to mask their presence.

A rootkit may contain a number of malicious tools such as keyloggers, banking credential stealers,
password stealers, antivirus disablers, and bots for DDoS attacks.

Spyware and Adware


Spyware is a program that communicates over an Internet connection without the user’s knowledge
or consent.

Spyware programs can monitor Web surfing, log keystrokes, take snapshots of the computer screen,
and send reports back to a host computer. Spyware is often part of a rootkit.

Adware is a type of spyware that displays pop-up advertisements related to what the user is doing.

Since people would not intentionally download a spyware program, spyware must get installed using
deception. Free software downloaded from the Internet often contains spyware. Alternatively, the
spyware may be a Trojan horse, tricking users into downloading it because they think it serves a
useful purpose. A Trojan horse containing spyware is an example of a backdoor Trojan.

Video: What is Adware?

Bots and Botnets


A bot is a particular kind of backdoor Trojan that responds to commands sent by a
command-and-control program located on an external computer.

A collection of bot-infected computers is called a botnet, and a person who controls a botnet is
called a bot herder. Botnets can range in size from a few thousand computers to over a million
computers. In most cases, people have no idea that their PCs have been compromised and are part
of a botnet.

It’s been estimated that as much as 90 percent of spam is distributed through botnets [40]. Bots can
also be used as spyware, stealing files or logging keystrokes to gain credit card numbers or other
sensitive information.

Video: What is a Botnet?

4.3 || Cyber Crime and Cyber Attacks

Phishing and Spear Phishing

A phishing (pronounced “fishing”) attack is a large-scale effort to gain sensitive information from
gullible computer users. An attacker sends out millions of email messages from a botnet. The
messages inform the recipients that one of their accounts has been compromised and direct them
to connect to a Web site to resolve the problem. Targeted users that click on the link encounter an
impostor Web site designed to resemble the genuine e-commerce site. Once on the site, they are
asked for a login name, password, and other private information. Information collected by the
impostor site can then be used for identity theft.

Spear phishing is a variant of phishing in which the attacker selects email addresses that target a
particular group of recipients. For example, an attacker may target elderly people judged to be more
gullible or members of a group that have access to valuable information.

Video: What is Phishing?

SQL Injection
SQL injection is a method of attacking a database-driven Web application that has improper
security.

The attacker accesses the application like any other client of the application, but by inserting
(injecting) an SQL query into a text string from the client to the application, the attacker can trick the
application into returning sensitive information.
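
The "improper security" is almost always the same coding mistake: building the SQL statement by pasting the client's text into it. The sketch below, an added example that is not part of the original module, puts that weak lookup beside the parameterized form using Python's built-in sqlite3; the table, the student records and the function names are constructed for illustration.

```python
import sqlite3


def make_db():
    # Constructed sample records for this example only.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE students (id INTEGER PRIMARY KEY, name TEXT, email TEXT)")
    db.executemany(
        "INSERT INTO students (name, email) VALUES (?, ?)",
        [("Ana Cruz", "ana@example.edu"),
         ("Ben Reyes", "ben@example.edu"),
         ("Carla Diaz", "carla@example.edu"),
         ("Dan O'Neil", "dan@example.edu")],
    )
    return db


def lookup_vulnerable(db, name):
    # WEAK: the client's text becomes part of the SQL statement, so quote
    # characters in it are parsed as SQL instead of being treated as data.
    query = "SELECT name, email FROM students WHERE name = '" + name + "'"
    return db.execute(query).fetchall()


def lookup_parameterized(db, name):
    # HARDENED: the statement is fixed and the value is bound separately, so
    # no input can change the structure of the query.
    return db.execute(
        "SELECT name, email FROM students WHERE name = ?", (name,)
    ).fetchall()


def attempt(lookup, db, value):
    """Run a lookup and return its rows, or the error class name if it fails."""
    try:
        return lookup(db, value)
    except sqlite3.Error as exc:
        return type(exc).__name__


def demo():
    db = make_db()
    crafted = "x' OR '1'='1"  # textbook test string: closes the quote, adds a condition
    return {
        "normal_vulnerable": attempt(lookup_vulnerable, db, "Ana Cruz"),
        "normal_parameterized": attempt(lookup_parameterized, db, "Ana Cruz"),
        "crafted_vulnerable": attempt(lookup_vulnerable, db, crafted),
        "crafted_parameterized": attempt(lookup_parameterized, db, crafted),
        "apostrophe_vulnerable": attempt(lookup_vulnerable, db, "Dan O'Neil"),
        "apostrophe_parameterized": attempt(lookup_parameterized, db, "Dan O'Neil"),
    }


if __name__ == "__main__":
    for label, result in demo().items():
        print(f"{label:26} -> {result}")
```

The weak lookup returns every record for the crafted string and also fails on a legitimate name containing an apostrophe; the parameterized lookup handles both correctly.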

Video: SQL Injection - Simply Explained

Denial-of-Service and Distributed Denial-of-Service Attacks

A denial-of-service (DoS) attack is an intentional action designed to prevent legitimate users from
making use of a computer service [44]. A DoS attack may involve unauthorized access to one or
more computer systems, but the goal of a DoS attack is not to steal information. Instead, the aim of a
DoS attack is to disrupt a computer server’s ability to respond to its clients. Interfering with the
normal use of computer services can result in significant harm. A company selling products and
services over the Internet may lose business. A military organization may find its communications
disrupted. A government or nonprofit organization may be unable to get its message out to the
public.

In a distributed denial-of-service (DDoS) attack, the attacker rents access to a botnet from a bot
herder. At the selected time, the command-and-control computer sends the appropriate instructions
to the bots, which launch their attack on the targeted system.

Video: What is a DDoS Attack?

Cybercrime in the Philippines


Data from the PNP Anti-Cybercrime Group (ACG) showed that online libel cases soared from only 22
incidents in 2013 to 661 from January to June 2019; as well as online scam cases from 42 to 550;
photo and video voyeurism cases from 10 to 356; and computer-related identity theft cases from 23
to 258.

Cases of online threat, meanwhile, rose from 29 to 217 during the period; system interference or
hacking from 12 to 193; unjust vexation from one reported case to 148; cases of illegal access from
zero-incident to 133; automated teller machine (ATM) and credit card fraud from one reported case to
59; and robbery with intimidation from three to 35 incidents.

Do's and Don't in Internet Surfing

NOTE: Congratulations! You are done with all the topics. Kindly review and prepare for your quiz.

If you are ready, click Quiz 4: Information Privacy and Computer & Network Security
(https://tip.instructure.com/courses/23291/quizzes/245107)  to proceed in your quiz. Good luck!
