basics of computing
DESCRIPTION
Spring Term 2011 Washington College Professor Suydam. Basics of Computing . Week 13 Final Project Preparation & Privacy. Finishing up the JavaScript Dashboard Final Project Preparation Project – ideas Major Components Presentation Evaluation. Agenda – Week 13 . 13- 2. - PowerPoint PPT PresentationTRANSCRIPT
BASICS OF COMPUTING
Spring Term 2011Washington CollegeProfessor Suydam
Week 13 Final Project Preparation & Privacy
AGENDA – WEEK 13
• Finishing up the JavaScript Dashboard
• Final Project Preparation
o Project – ideaso Major Componentso Presentationo Evaluation
13-2
AGENDA – WEEK 13
• Finishing up the JavaScript Dashboard
13-3
FINAL PROJECT -- IDEAS
• Subject Something you are “passionate” about “Doable” Within time constraints
• Budget preparation time • Project and Presentation are each 10% of total course
grade• Point of reference: HW5 was 8%
13-4
FINAL PROJECT -- MAJOR COMPONENTS
WebsiteComponents
MS Word MS Excel JavaScript or Java Applet Others – student option (e.g., sound, video, etc.),
but make relevant to your themePowerPointLinks
Website PowerPoint
13-5
FINAL PROJECT -- PRESENTATION
Contents What ~1/3 How ~2/3
Be animatedShow interest/enthusiasmSmileRehearseTiming
13-6
FINAL PROJECT -- IDEAS
13-7
FINAL PROJECT -- EVALUATION
13-8
PRIVACY: WHOSE INFORMATION IS IT?What is privacy? Examine a transaction of buying
Dating for Total Dummieso Information linking the purchase with the
customerHow can the information be used?
o Book merchant collecting information is ordinary business practice
o Book merchant sending advertisements to customer is ordinary business practice
o What about merchant selling information to other businesses?
Modern devices make it possible to violate people's privacy without their knowledgeIn 1890, Brandeis wrote that individuals deserve "sufficient safeguards against improper circulation" of their images
13-9
CONTROLLING THE USE OF INFORMATION
Spectrum of control spans four main possibilities:1. No uses. Information should be deleted when the
store is finished with it2. Approval or Opt-in. Store can use it for other
purposes with customer's approval3. Objection or Opt-out. Store can use it for other
purposes if customer does not object4. No limits. Information can be used any way the
store chooses5. Fifth possibility is internal use -- store can use
information to continue conducting business with you
13-10
A PRIVACY DEFINITION
• Privacy: The right of people to choose freely under what circumstances and to what extent they will reveal themselves, their attitude, and their behavior to others
• Threats to Privacy: Government and business• Voluntary Disclosure: We choose to reveal information
in return for real benefits (doctor, credit card company)
13-11
FAIR INFORMATION PRACTICESOECD (Organization of Economic Cooperation and Development) in 1980 developed the standard eight-point list of privacy principles.
Limited Collection Principle Quality Principle Purpose Principle Use Limitation Principle Security Principle Openness Principle Participation Principle Accountability Principle
13-12
COMPARING PRIVACY ACROSS THE ATLANTIC
• U.S. has not adopted OECD principles• China does not protect privacy• European Union has European Data Protection Directive
(OECD principles)• EU Directive requires data on EU citizens to be
protected at same standard even when it leaves their country
13-13
US LAWS PROTECTING PRIVACY• Privacy Act of 1974 covers interaction with government• Interactions with business:
o Electronic Communication Privacy Act of 1986o Video Privacy Protection Act of 1988o Telephone Consumer Protection Act of 1991o Driver's Privacy Protection Act of 1994
• These all deal with specific business sectors—not an omnibus solution
13-14
PRIVACY PRINCIPLES: EUROPEAN UNIONTwo points of disagreement between FTC (US) and OECD
(Europe):o Opt-in/Opt-out
When can an organization use information it collects for one purpose, for a different purpose?
Opt-out is US standard except for highly sensitive data; Opt-in is European standard
o Compliance/Enforcement -- US has "voluntary compliance," EU has offices to control data
13-15
A PRIVACY SUCCESS STORYDo-Not-Call List
o Telemarketing industry's "self-policing" mechanism required individuals to write a letter or make an on-line payment to stop telemarketing calls
o US government set up Do Not Call List. 80,000,000 households are on the list and telemarketing industry has largely collapsed
The Do-Not-Call registry does not prevent all unwanted calls. It does not cover the following:
o calls from organizations with which you have established a business relationship;
o calls for which you have given prior written permission;
o calls which are not commercial or do not include unsolicited advertisements;
o calls by or on behalf of tax-exempt non-profit organizations. 13-16
THE COOKIE MONSTER
• Cookie: Record containing seven fields of information that uniquely identify a customer's session on a website. Cookie is stored on customer's hard drive.
• Abuse: Third party cookieo Third party advertisers on web site enter
client/server relationship with customer as page loads
o Advertiser can set cookies, and can access cookies when user views other websites that advertiser uses
• Browser options:o Turn off cookieso Ask each time a server wants to set a cookieo Accept all cookies
13-17
IDENTITY THEFT• Americans do not enjoy Security Principle• Identity theft is the crime of posing as someone else for
fraudulent purposes -- using information about person like credit card numbers, social security numbers
13-18
MANAGING YOUR PRIVACY
• Purchase up-to-date virus checking software• Adjust your cookie preferences to match your
comfort level• Read the privacy statement of any website you give
information to• Review protections against phishing scams• Patronize reputable companies for music, software,
etc.• Be skeptical• Stay familiar with current assaults on privacy
13-19
ENCRYPTION AND DECRYPTION
Encryption Terminologyo Encryption: Transform representation so it is no
longer understandableo Cryptosystem: A combination of encryption and
decryption methodso Cleartext or Plaintext: Information before
encryption o Cipher text: Information in encrypted formo One-way cipher: Encryption system that cannot be
easily reversed (used for passwords)o Decryption: Reversing encryption process
13-20
13-21
ENCRYPTING A MESSAGE
BREAKING THE CODELonger text is easier to decode
o Notice what bit sequences show up frequentlyo Knowledge of most frequent letters in the
“cleartext” languageSmarter byte-for-byte substitutions
o Group more than two byteso Be sure not to exchange the key over unsecured
connection
13-22
SUMMARIZING THE RSA SYSTEM*• RSA is an Internet encryption and authentication system that
uses an algorithm developed in 1977 by Ron Rivest, Adi Shamir, and Leonard Adleman. The RSA algorithm is the most commonly used encryption and authentication algorithm and is included as part of the Web browsers from Microsoft and Netscape.
• The algorithm involves multiplying two large prime numbers (a prime number is a number divisible only by that number and 1) and through additional operations deriving a set of two numbers that constitutes the public key and another set that is the private key.
13-23*Source: http://searchsecurity.techtarget.com/sDefinition/0,,sid14_gci214273,00.html
A FAULT RECOVERY PROGRAM FOR BUSINESS Keep a full copy of everything written on the system as
of some date and time—full backup Create partial backups—copies of changes since last full
backup After disaster, start by installing the last full backup
copy Re-create state of system by making changes stored in
partial backups, in order All data since last backup (full or partial) will be lost
13-24
BACKING UP A PERSONAL COMPUTERHow and What to Back Upo You can manually backup or get automatic backup software
that writes to an external drive (e.g., flash memory stick, writeable CD, iPod, Time Capsule)
o For manual backups, you do not have to backup data that: can be re-created from some permanent source, like
software was saved before, but has not changed you don’t care about
Recovering Deleted Informationo Backups also protect from accidental deletionso Can save evidence of crime or other inappropriate behavioro Remember that two copies of email are produced when
sender hits send—one in sent mail file and one somewhere else, which the sender probably can't delete
13-25