Learning Objectives
Describe the difference between legal
and ethical issues
Understand the difficulties of protecting
privacy in EC
Discuss issues of intellectual property
rights in EC
Understand the conflict between free
speech and censorship on the Internet
Prentice Hall, 2003
Privacy
Privacy: the right to be left alone and
the right to be free of unreasonable
personal intrusions
Two rules have been followed fairly
closely in court decisions:
1. The right of privacy is not absolute.
Privacy must be balanced against the
needs of society
2. The public's right to know is superior
to the individual's right of privacy
Privacy Advocates
Take On DoubleClick
DoubleClick is one of the leading providers
of online advertising
DoubleClick uses cookies to personalize ads
based on consumers' interests
In January 1999, DoubleClick bought catalog
marketer Abacus Direct and announced plans
to merge Abacus's off-line database with their
online data
Privacy Advocates
Take On DoubleClick (cont.)
Several class action lawsuits were brought against
DoubleClick, claiming that the company was
tracking Internet users and obtaining personal and
financial information without the individuals'
knowledge
In violation of the state's Consumer Protection
Act and asked it to stop placing cookies on
consumers' computers without their permission
In January 2001, the FTC ruled that DoubleClick
had not violated FTC policies
Privacy Advocates
Take On DoubleClick (cont.)
DoubleClick agreed to enhance its privacy
measures and to pay legal fees and costs up
to $18 million
Key provision of the settlement requires
DoubleClick to obtain permission from
consumers before combining any personally
identifiable data with Web surfing history
Web-Site Self-Registration
Registration questionnaires
50% disclose personal information on a Web
site for the chance to win a sweepstakes
Cookies
Cookie: a small piece of data that is
passed back and forth between a Web site
and an end user's browser as the user
navigates the site; enables sites to keep
track of users' activities without asking for
identification
Cookies can be used to invade an individual's
privacy
Personal information collected via cookies has
the potential to be used in illegal and
unethical ways
Cookies (cont.)
Solutions to unwanted cookies
Users can delete cookie files stored in their
computer
Use of anti-cookie software
Passport: a Microsoft component that lets
consumers permanently enter a profile of
information along with a password and use
this information and password repeatedly
to access services at multiple sites
Protection of Privacy
Notice/awareness
Choice/consent
Access/participation
Integrity/security
Enforcement/redress
Supported in the U.S. by the Federal
Internet Privacy Protection Act
Supported in the European Union by EU
Data Protection Directive
Controlling Spamming
Spamming: the practice of indiscriminately
broadcasting messages over the Internet (e.g., junk
mail)
Spam comprised 25 to 50% of all e-mail
Slows the Internet in general; sometimes shuts
ISPs down completely
Electronic Mailbox Protection Act
ISPs are required to offer spam-blocking software
Recipients of spam have the right to request
termination of future spam from the same
sender and to bring civil action if necessary
Cyber Crime
Fraud
Intentional deceit or trickery, often with the
aim of financial gain
Cyber attack
An electronic attack, either criminal trespass
over the Internet (cyber intrusion) or
unauthorized access that results in damaged
files, programs, or hardware (cyber
vandalism)
Other attackers
Script kiddies are ego-driven, unskilled
crackers who use information and software
(scripts) that they download from the
Internet to inflict damage on targeted sites
Internet Security
Cyber attacks are on the rise
Internet connections are increasingly
a point of attack
The variety of attacks is on the rise
Why now?
Because that's where the money and
information is!
Authentication
The process by which one entity verifies
that another entity is who they claim to
be by checking credentials of some sort
Confidentiality (privacy)
Integrity
As applied to data, the ability to protect
data from being altered or destroyed in an
unauthorized or accidental manner
Availability
Nonrepudiation
The ability to limit parties from refuting
that a legitimate transaction took place,
usually by means of a signature
Exhibit 9.2
General Security Issues at E-Commerce Sites
Nontechnical attack
An attack in which a perpetrator uses
chicanery or other form of persuasion to trick
people into revealing sensitive information or
performing actions that compromise the
security of a network
Malware
A generic term for malicious software
Exhibit 9.3
Using Zombies in a DDoS Attack
Worm
A software program that runs independently,
consuming the resources of its host from
within in order to maintain itself and
propagating a complete working version of
itself onto another machine
Security Technologies
Internet and EC security is a thriving
business
Firewalls and Access Control
One major impediment to EC is the concern
about the security of internal networks
Sidestep the issue by letting third parties
host their Web sites
Primary means of access control is password
Managerial Issues
How can the global nature of EC impact
business operations?
What sorts of legal and ethical issues
should be of major concern to an EC
enterprise?
What are the business consequences of
poor security?
Summary
Describe the differences between legal
and ethical issues in EC
Understand the difficulties of protecting
privacy in EC
Discuss the issues of intellectual property
rights in EC.proven to be particularly
Understand the conflict between free
speech and censorship on the Internet
Summary (cont.)
Document the rapid rise in computer and
network security attacks
Understand the factors contributing to the rise
of EC security breaches
Describe the key security issues facing EC
sites
Discuss some of the major types of cyber
attacks against EC sites
Describe some of the technologies used to
secure EC sites