CMC: Privacy and Trust

Michelle Read

Intellectual Property Law

Penalties exist for abusing another partys famous marks, copies or inventions. However, ideas are not tangible
3 Main areas: Copyright Law Trademark Law Patent Law

Each country has its own laws World Intellectual Property Organization Promotes the protection of intellectual property rights around the world, and may arbitrate disputes as well.

Copyright Law
Expressed and Fixed not an idea in ones head

To register a copyright Get Permission Creative Commons (think: Flickr, among others).
Fair Use for education Purpose and Character of Use Nature of the Work Relevant Amount Effect on the Market

Copyright Law, cont.

Peer-to-Peer File Sharing of Copyrighted Materials and U.S. Law
Copyrighted music95% of downloads are unpaid for
Primary and Secondary Infringers

P2P File Sharingmust be sharing between two individuals.

Napster was illegal because files were stored on a central server. However, new Peer-to-Peer programs are not illegal because there is no central server. Users connect directly to another users computer

Trademark Law
- A logo, acronym, word, color scheme, combination of sounds, or any other symbolic device used to distinguish a product or service as unique
3 Criteria must be met Active use Can not be ambiguous or ordinary Can not be misleadingly comparable to preexisting trademarks in the marketplace

Trademark Law, cont.

Complications of the Internet Pre-existing trademark claims Global Trademark Disputes Trademark Dilution Domain-name disputes Adam Curry: he purchased the domain mtv.com before MTV! PETA: first purchased by People Eating Tasting Animals Hasbro: candyland.com was first purchased by a pornography company U.S. Anticybersquatting Consumer Protection Act of 1999

Patent Law
any new and useful process, machine, manufacture, or

composition of matter, or any new and useful improvement thereof Complications of the Internet No direct effect Concern of ease of communication

First Amendment Issues

What is Free Speech Law? Congress shall make no law respecting an establishment of religion, prohibiting the free exercise thereof; or abridging the freedom of speech, or of the press; or the right of the people peaceably to assemble, and to petition, the government for a redress of grievances Certain Types of speech are treated differently Unpopular, Controversial and Offensive Communications Indecent and Obscene Communications Controversies over filtering devices

Unpopular, Controversial and Offensive Communications

Spam Unsolicited Commercial Electronic Mail Act of 2001: Unsuccessful Spam is legal Hate Speech and Hate Literature Extremist political speech ISPs set up their own rules for handling hate websites Potential of inciting violence is illegal 2001 Patriot Act: this changed everything
Cyberstalking Interstate Stalking Act of 1996

Cyberbullying vs Cyberharassment
Definitions:
"Cyberbullying" is when a child, preteen or teen is tormented, threatened, harassed, humiliated, embarrassed or otherwise targeted by another child, preteen or teen using the Internet, interactive and digital technologies or mobile phones. Cyber-harrassment is the same as above only the victim and/or perpetrator(s) are adults

Tort Liability
What is Tort Law? Broad area of law dealing with civil wrongs caused to a party for which another party is liable and involves monetary damages
Four areas of non-physical tort a. Invasion of Privacy b. Intentional Infliction of mental distress and defamation c. Libel d. Slander

Beware: A Lighter Burden of Proof for Civil Action Different rules from criminal law: only requires a preponderance of the evidence vs. Beyond a reasonable doubt

Privacy Law
The Four Privacy Torts
Public disclosure of embarrassing private facts

Intrusion
False Light

Not be commercially exploited

Libel, Slander and Defamation

Defamation: Related to libel and slander, occurs when a someone communicates untrue information that lowers a persons status or subjects a person to public disdain and/or embarrassment.
Libel: written untruths Slander: spoken untruths

Your Responsibility
It is YOUR responsibility to protect your personal information from:
Theft Loss unauthorized unauthorized unauthorized unauthorized

Access Disclosure Copying Use

This applies not only to computer files/documents but also paper files/documents.

Protection

Self protection BehaviorTaking Charge Password security

Institutional/Company protection--AUP

Taking Charge
1. While you may feel secure in the privacy of your own home, each time you connect to the Internet you enter PUBLIC space.
2. You need to minimize your personal risks as you work and play online. 2. You have both right and responsibilities. The Internet has its own code of conduct Actions that you take have consequences
2-16

Acceptable Use Policies/Terms of Service

All computer accounts and some public servers are subject to an Acceptable Use Policy (AUP) An AUP is a policy that outlines appropriate use of the Internet and is enforced by system administrators Violating the AUP can result of the withdrawal of your Internet access privileges The restrictions that pertain to an ISP account are called the terms of service When you sign up for an account, you also agree to the terms of service or AUP You should locate and periodically check your accounts TOS or institutions/companys AUP.
2-17

Acceptable Use Policies

Common university AUPs include the prohibition of the use of university resources for:
Commercial activity Academic dishonesty Harassment

Some universities also prohibit the use of specific Internet services, such as some music sharing sites K12 often have more strict rules regarding what students may access (e.g., YouTube, Facebook). Privileges may be granted as students age. However, often this means that accountability and consequences are more strictly enforced too.
2-18

Password Security
Your password is the first line of defense While you may think that your account has nothing to offer, someone can use it as a starting point to access other accounts System administrators have resources to maintain accounts and the system No system administrator will need to ask you for your password Do not be tricked by an email, no matter how official looking, asking you for your password

2-19

Password Security Tips

Choose a password that is at least 8 characters longif allowed. Mix numbers and/or special characters into your passwordif allowed. Make your password is meaningful to you, but not easily guessed by others. Do not use names of people, places or things that are identifiable to you. Do not use portions of identifying numbers such as your drivers license, social security #, etc. Do not use the same password for multiple sites. Use a password management tool if necessary. Hackers can gain access to all of your accounts, if they can just get it for one! Never share your password(s) with others.
2-20

Phishing
Phishing is a form of online fraud characterized by unsolicited e-mail messages seeking personal information for fraudulent purposes. Phish often appears to originate from reputable sources that maintain accounts for the recipient. Spear phishing is a large scale phishing effort directed at all employees of a company intended to capture an account name and password.

2-21

Phishing
Here are some tips to help you identify phishing expeditions: References to accounts that you do not have. A general salutation (Dear Valued Customer) rather than one by name. Grammar and spelling errors. Mismatch in the URL of embedded links with that of the apparent source (URLs of links display in the status bar at the bottom of the web page when the cursor hovers over them). Contact the apparent source directly using other trusted means first.

2-22

Phishing
Some tips from the Federal Trade Commission: Dont provide personal information unless you initiate the contact or can verify the identity of the agent receiving it Never click on links from an unsolicited e-mail Legitimate organizations never request or seek confirmation of personal information via e-mail or phone Forward to reportphishing@antiphishing.org and the company being impersonated

2-23

Identity Theft
Occurs when stolen personal information is used to open accounts used to make fraudulent purchases. In many cases, information is stolen from third party business records. Not limited to internet activity Warning signs: Late or missing bills. Receipt of credit cards or other lines of credit not requested. Requests for payment from debt collectors.

2-24

Identity Theft
If your identity is stolen: Notify any of three major credit bueaus: Equifax, Experian, or TransUnion Close compromised accounts. File report with local law enforcement office. File a complaint with the FTC. Contact relevant government agencies to cancel/replace stolen licenses or IDs. And flag your account appropriately. Consult your financial institution about bank and other accounts.

2-25

Viruses, Trojan Horses, and Worms

Some software is a security risk The mainstream news calls all such software viruses, but there are three different classes of such software A virus is a computer program that can replicate itself through files to move from computer to computer Some viruses are benign Others are very destructive A worm is a program that is similar to a virus, but spreads through a network Software can be exploited by worms Some worms run over several computers Others communicate among themselves over the network A worm may be malicious or may take up system resources, causing a slowdown in performance
2-26

Securing Your Computer

You can take control and secure your computer Use antivirus software and keep it updated Antivirus software can scan files moving from the computer onto disks and CDs Your email and downloaded files can also be scanned Since new viruses are created every day, the data files needed to detect these viruses needs to be kept up-to-date Use anti-spyware software

2-27

Firewall
Install a firewall on your home computer (especially if you use a broadband connection) Do not download files offered to you in chat rooms or personal Web pages For maximum safety, encrypt all files that contain sensitive information or store them offline on removable media Do not leave your computer connected to the Internet any longer than necessary

2-28

Firewalls
A firewall is software that monitors all attempts to move bytes over the Internet in either direction and notifies you when such movement is attempted. Firewalls previously were only used by large organizations but now home users can install them on their computers. They can prevent a Trojan horse from stealing your files or spyware from phoning home.

2-29

Internet Scams
Scams are nothing new, but the Internet makes it easier for them to reach you Examples include: Get rich quick offers Miracle health cures Guaranteed loans or credit Your credit report repaired for a fee If it sounds to good to be true, then it probably is

2-30

Protecting Your Privacy

The Internet has provided opportunities for data collection that go far beyond a marketers wildest dreams Your browser contains information about you, including the types of sites you visit Web pages can also be programmed to collect information about you, such as when you visited the site The Online Personal Privacy Act (2002) limits the kinds of information that is collected

2-31

Protecting Your Privacy

To protect your privacy: Do not provide personal information unless it is needed for a credit card transaction Do not provide your Social Security Number or other sensitive information When you do provide personal information, read the sites Privacy Policy Some companies sell your information, but you can opt-out of this or choose not to use the software/company Note: not only are websites collecting your information: do you use a Tivo or DVR? Do you use a credit card at Target? Do you have a Randalls Remarkable card?

2-32

Laptops and Wireless Networks

Because of their mobility and the ubiquity of wireless networks, laptops are especially prone to attack Many wireless networks are unsecured, allowing access to any and all Thieves can use packet sniffers to capture wireless transmissions If transmissions are not encoded, thieves can capture vital information

2-33

Laptops and Wireless Networks

When joining a wireless network, keep these safety tips in mind: Use encryption for communication, via a WPA or WEP encryption scheme (WPA is better) - an access key is required for these networks Keep your antivirus and antispyware software up-to-date Make sure your firewall is on

2-34

Laptops and Wireless Networks

Safety tips continued: Use a virtual private network (VPN) when connecting to your institutions network (ask the IT staff for help) Disable File and Printer Sharing Keep your folders/directories private Password protect your sensitive files

2-35

Email Privacy
Corporations/educational institutions can monitor email and WWW usage Email threads are recorded and documented conversations It is illegal for your company to monitor phone calls however, they can monitor email and WWW usage. Free email programs (gmail, hotmail, aol, etc) scan email for viruses Gmail scans the text this is used to determine the types of advertisements in your Gmail

Trust: Different types

trust others not to share our information
trust systems to route and protect information

trust 3rd parties not to collect/track our information traces and not use them publicly for advertising, targeting potential criminal behavior, non-normative behavior, etc?

A Multi-disciplinary concept of Trust

Although some philosophers write about trust that

is not interpersonal, including institutional trust trust in government and self-trust most would agree that these forms of trust are coherent only if they share important features of (i.e. can be modeled on) interpersonal trust. This is why I say that the dominant paradigm of trust is interpersonal. (McLeod, 2006)

Interpersonal Trust
Trustworthiness is a characteristic we infer, Trust is an attitude that is constructed over time
Trust exists when one party to the relation believes the other party has incentive to act in his or her interest or to take his or her interest to heart.

More
Trust is optimistic; the opposite is distrust.
The truster accepts some level of risk or vulnerability There must exist a potential for betrayal

What about Trust in Systems?

Role of Betrayal
If we trust someone to do something, if he/she/it does not do so we are disappointed.
But can this betrayal really occur with inanimate objects? (computer, online service, software)

Sources of Uncertainty in Exchange/Interaction

Quality of goods or services
Structural uncertainty of an exchange Uncertainty about finding an exchange partner

What are the Solutions to Uncertainty in CMC Environments?

Proxies and inferred trustworthiness
Institutional backing Closed Systems versus Open Systems
Experiential, often negative-only reputations (not explicit)

3rd party (explicit) reputation