Authors: Robert H. Sloan, Richard Warner
Title: Unauthorized Access: The Crisis in Online Privacy and Security
Publisher: CRC Press
Year: 2013
ISBN: 9781439830130 / 1439830134
Language: English
Format: pdf
Size: 22.7 MB
Pages: 398
The authors, two renowned experts on computer security and law, explore the well-established connection between social norms, privacy, security, and technological structure. This approach is the key to understanding information security and informational privacy, providing a practical framework to address ethical and legal issues. The authors also discuss how rapid technological developments have created novel situations that lack relevant norms and present ways to develop these norms for protecting informational privacy and ensuring sufficient information security.
Bridging the gap among computer scientists, economists, lawyers, and public policy makers, this book provides technically and legally sound public policy guidance about online privacy and security. It emphasizes the need to make trade-offs among the complex concerns that arise in the context of online privacy and security.
Chapter 1. Introduction
INTRODUCTION; THE GOOD, THE BAD, AND THE IN BETWEEN; The Good; The Bad; The In Between; MAKING TRADE-OFFS; VALUES; Profit-Motive-Driven Businesses; POLITICS; TODAY AND TOMORROW: WEB 1.0, 2.0, 3.0; A LOOK AHEAD; NOTES AND REFERENCES; FURTHER READING
Chapter 2. An Explanation of the Internet, Computers, and Data Mining
INTRODUCTION; PRIMER ON THE INTERNET; History; Nature of the Internet: Packet-Switched Network; End-to-End Principle and the “Stupid” Network; A More Technical View; Horizontal View: One Home’s LAN to the Backbone; Vertical View: Internet Protocol Suite; Internet Layer; Transport Layer; Application Layer; How the Layers Work Together: Packet Encapsulation; Numerical Addresses to Names: DNS; Putting It All Together; PRIMER ON COMPUTERS; Basic Elements of a Computer; Operating Systems; PRIMER ON DATA, DATABASES, AND DATA MINING; Data and Their Representation; Databases; Information Extraction or Data Mining; NOTES AND REFERENCES; FURTHER READING
Chapter 3. Norms and Markets
INTRODUCTION; NORMS DEFINED; The Examples; The Definition; Why People Conform to Norms; Ought or Self-Interest?; How Do Norms Get Started?; COORDINATION NORMS; Examples; Definition of a Coordination Norm; Conformity to Coordination Norms; Self-Perpetuating Inappropriate Norms; VALUE OPTIMAL NORMS; Justification and Optimality; Lack of Value Optimality: An Example; Why Does Value Optimality Matter?; A Terminological Point and an Example; We Are “Playing without a Helmet”; Inappropriate Norms versus No Norms; NORMS AND MARKETS; Detecting Norm Violations; Norm-Violation Detectors versus Norm-Inconsistent Sellers; Sellers’ Inability to Discriminate; The Profit-Maximizing Strategy; Perfect Competition; Perfect Competition or Close to It Will Force Sellers’ Compliance; NORMS AND GAME THEORY; Coordination Problems; Equilibria; Value Optimality; NOTES AND REFERENCES; FURTHER READING
Chapter 4. Informational Privacy: The General Theory
INTRODUCTION; PERSONALLY IDENTIFIABLE: A DISTINCTION WITHOUT (MUCH OF) A DIFFERENCE; THE REQUIREMENT OF FREE AND INFORMED CONSENT; PROBLEMS WITH NOTICE AND CHOICE; Notice and Choice Does Not Ensure Informed Consent; Notice and Choice Cannot Possibly Ensure Informed Consent; Notice and Choice Aims at the Wrong Target; INFORMATIONAL NORMS; Role-Appropriate Informational Norms as Coordination Norms; ENSURING FREE AND INFORMED CONSENT; Informed Consent; Free Consent; The Argument That Consent Is Not Free; Radin’s Requirements Almost Fulfilled; But What about Contracts?; THE IDEAL OF NORM COMPLETENESS; Two Ways to Fall Short; How Norms Can Cease to Be Value Optimal; NOTES AND REFERENCES; FURTHER READING
Chapter 5. Informational Privacy: Norms and Value Optimality
INTRODUCTION; DIRECT MARKETING: RETAILERS AS INFORMATION BROKERS; Retailers as Information Brokers; Role-Appropriate Information Processing Norms; Retailers as Information Brokers Norm; The Norm Is Not Value Optimal; An Objection; A Consequence; INFORMATION AGGREGATORS; The Current Norm and Its Problems; Beyond Lack of Control; THE HEALTH INSURANCE INDUSTRY; The Norm; The Health Insurance Norm Is Not Value Optimal; MORE EXAMPLES; Cookies; Cookies and Targeted Advertising; The Resort to the Illusion of Consent; Cloud Computing; Unresolved Questions and the Resort to Notice and Choice; Social Networking Sites; Blurring the Line; More Blurring of the Line; The Resort to Notice and Choice; COLLABORATE OR RESIST?; NOTES AND REFERENCES; FURTHER READING
Chapter 6. Software Vulnerabilities and the Low-Priced Software Norm
INTRODUCTION; WHAT BUYERS DEMAND; Vulnerability-Exacerbating Features of the Software Market; Negative Externality and Ways to Cure It; STRICT LIABILITY; NEGLIGENCE; Vulnerability-Reducing Practices for Software Development; Negligence Liability Will Not Lead to Adoption of Better Practices; Why Developers Must Know How Much to Invest in Reducing Vulnerabilities; Consequences of Not Knowing How Much to Invest in Vulnerability Reduction; PRODUCT LIABILITY FOR DEFECTIVE DESIGN; THE STATUTORY ALTERNATIVE; WE ARE TRAPPED AND ONLY LEGAL REGULATION WILL RELEASE US; THREE EXAMPLES OF VALUE OPTIMAL PRODUCT-RISK NORMS; The Fitness Norm; The Negligent Design/Manufacture Norm; The Best Loss-Avoider Norm; A Key Feature: Norm-Implemented Trade-offs; THE LOW-PRICED SOFTWARE NORM; Fitness, Negligent Design/Manufacture, and Best Loss Avoider; The Low-Priced Software Norm Is Not Value Optimal; WE NEED TO CREATE A VALUE OPTIMAL NORM—BUT WHAT SHOULD IT BE?; NOTES AND REFERENCES; FURTHER READING
Chapter 7. Software Vulnerabilities: Creating Best Practices
INTRODUCTION; BEST PRACTICES DEFINED; BEST PRACTICES FOR SOFTWARE DEVELOPMENT; “To Some Extent”: An Important Qualification; CREATING THE BEST PRACTICES SOFTWARE NORM; Defining Best Practices; Statutory and Regulatory Options for Defining Best Practices; Norm Creation in Ideal Markets; Real-World Markets: Lack of Market Power, No Barriers to Entry or Exit, and Zero Transaction Costs; Five out of Six; The Perfect Information Barrier; NORM CREATION IN REAL MARKETS; What Markets Should We Regulate?; Should We Worry about a “Lemons” Market?; UNAUTHORIZED ACCESS: BEYOND SOFTWARE VULNERABILITIES; NOTES AND REFERENCES; FURTHER READING
Chapter 8. Computers and Networks: Attack and Defense
INTRODUCTION; TYPES OF DOORS; Gates (Outermost Doors); Doors into Our Computers; Unintended Doors; Zero-Day Attacks; The CIA Triad; ATTACKS ON AVAILABILITY; ATTACKING CONFIDENTIALITY: HANGING OUT IN THE NEIGHBORHOOD; Packet Sniffing; Session Hijacking; ATTACKS ON AUTHENTICATION; Password Cracking; ATTACKS ON INTEGRITY; Secret Doors; Unintended Doors: Software and Hardware Vulnerabilities; Unwanted Doors: Web Server Vulnerabilities; Doors We Are Tricked into Opening; MULTIPLYING, ELIMINATING, AND LOCKING DOORS; Multiplying Doors; Eliminating Doors; Locking Doors; POSTING GUARDS; Authentication; Firewalls; Intrusion Detection and Prevention Services; LOCKING AND GUARDING DOORS IS HARD AND WE DO A POOR JOB; Unlocked Doors We Don’t Know About; Doors We Don’t Realize We Should Lock; Limitations on Guards; SHOULD ISPS LOCK DOORS AND CHECK CREDENTIALS?; NOTES AND REFERENCES; FURTHER READING
Chapter 9. Malware, Norms, and ISPs
INTRODUCTION; A MALWARE DEFINITION; Malware and Lack of Consent; Don’t We Just Mean Illegal, or at Least Harmful?; Making “Especially Objectionable” More Precise; Are Tracking Cookies Malware?; THE MALWARE ZOO; Viruses and Worms; Trojans; Rootkits; Bots and Botnets; Spyware; The Latest Trend; WHY END-USER DEFENSES ARE SO WEAK; The Limits of Detection; Poor Use of Poor Tools; The ISP Alternative; THE “END-USER-LOCATED ANTIVIRUS” NORM; Importance of Network Neutrality; Home-User-Located Antimalware Defense Is Not Value Optimal; FIRE PREVENTION AND PUBLIC HEALTH; COMPARE MALWARE; IS BETTER PROTECTION WORTH VIOLATING NETWORK NEUTRALITY?; The Risk to Privacy; The Risk to Free Expression; THE VALUE OPTIMAL NORM SOLUTION; NOTES AND REFERENCES; FURTHER READING
Chapter 10. Malware: Creating a Best Practices Norm
INTRODUCTION; CURRENT BEST PRACTICES FOR ISP MALWARE DEFENSE; Sample Current Technical Best Practices; The Other Categories of ISP (Best?) Practices; Why Current Best Practices Are Not All That We Need; AN ADDITIONAL WRINKLE: THE DEFINITION OF MALWARE IS NOT FULLY SETTLED; DEFINING COMPREHENSIVE BEST PRACTICES; Definitional Issues; CREATING THE NORM; Norm Creation in Perfectly Competitive Markets; No Market Power, No Entry/Exit Barriers, and No Transaction Costs; The Perfect Knowledge Barrier; NORM CREATION IN REAL MARKETS; No Worry about Lemons Market; THE END-TO-END AND NETWORK NEUTRALITY PRINCIPLES; HAS OUR FOCUS BEEN TOO NARROW?; WAS OUR FOCUS TOO NARROW IN ANOTHER WAY?; NOTES AND REFERENCES; FURTHER READING
Chapter 11. Tracking, Contracting, and Behavioral Advertising
INTRODUCTION; BEHAVIORAL ADVERTISING AND THE ONLINE ADVERTISING ECOSYSTEM; HOW WEBSITES GAIN INFORMATION ABOUT YOU: STRAIGHTFORWARD METHODS; You Identify Yourself Using a Login ID; Websites Know Your IP Number; Cookies: A Deeper Dive into the Technology; Making a “Signature” out of Browser, OS, Fonts Installed, etc.; OTHER WAYS OF GETTING YOUR ONLINE INFORMATION; WHAT IS WRONG WITH BEHAVIORAL ADVERTISING?; Lack of Choice for Buyers; Acquiescence via Contract; Fixing What Is Broken; THE SECOND-ORDER CONTRACTUAL NORM; Compatibility; Are We Right?; HOW THE NORM ARISES IN IDEAL MARKETS; REAL MARKETS: HOW THE COORDINATION NORM ARISES; Buyers; Sellers; How Contracting Can Go Wrong; THE LACK OF CONSENT TO PAY-WITH-DATA EXCHANGES; NOTES AND REFERENCES; FURTHER READING
Chapter 12. From One-Sided Chicken to Value Optimal Norms
INTRODUCTION; CHICKEN WITH CARS; THE PAY-WITH-DATA GAME OF ONE-SIDED CHICKEN; Buyers’ Preferences; Sellers’ Preferences; One-Sided Chicken; Escaping One-Sided Chicken; NORM CREATION IN PERFECTLY COMPETITIVE MARKETS; Approximation to Perfect Competition in Pay-with-Data Exchanges; Approximation to Perfect Information in the Real World; NORM CREATION IN THE REAL MARKET; Buyers Will Use Blocking Technologies; Advertising Revenue Will Decline; Sellers Will Conform More Closely to Buyers’ Preferences; Norms? Yes. Value Optimal? Yes, but…; DOES FACEBOOK PLAY ONE-SIDED CHICKEN?; As Goes Facebook, So Goes Google?; DO-NOT-TRACK INITIATIVES; MORE “BUYER POWER” APPROACHES TO NORM GENERATION; Mobile Apps; Cloud Computing; Summary of Our Norm-Generation Strategies So Far; TWO VERSIONS OF THE BEST PRACTICES STATUTE APPROACH; PRISONER’S DILEMMA; Information Aggregators; A Classic Prisoner’s Dilemma; Prisoner’s Dilemma for Business Buyers; How Many Players Are in This Game Anyway?; Trust and Commitment; THE NEED FOR TRUST; Retailers as Information Brokers; Health Insurance; Employer Hiring; Beyond Buying and Selling; IF WE FAIL TO CREATE NORMS; THE BIG DATA FUTURE
APPENDIX: A GAME THEORETIC ANALYSIS OF FACEBOOK’S PRIVACY SETTINGS; NOTES AND REFERENCES; FURTHER READING