Authors: Robert H. Sloan, Richard Warner
Title: Unauthorized Access: The Crisis in Online Privacy and Security
Publisher: CRC Press
Year: 2013
ISBN: 9781439830130 / 1439830134
Language: English
Format: pdf
Size: 22.7 MB
Pages: 398
The authors, two renowned experts on computer security and law, explore the well-established connection between social norms, privacy, security, and technological structure. This approach is the key to understanding information security and informational privacy, providing a practical framework to address ethical and legal issues. The authors also discuss how rapid technological developments have created novel situations that lack relevant norms and present ways to develop these norms for protecting informational privacy and ensuring sufficient information security.
Bridging the gap among computer scientists, economists, lawyers, and public policy makers, this book provides technically and legally sound public policy guidance about online privacy and security. It emphasizes the need to make trade-offs among the complex concerns that arise in the context of online privacy and security.
Preface
Acknowledgments
Authors
Chapter 1: Introduction
INTRODUCTION
THE GOOD, THE BAD, AND THE IN BETWEEN
The Good
The Bad
The In Between
MAKING TRADE-OFFS
VALUES
Profit-Motive-Driven Businesses
POLITICS
TODAY AND TOMORROW: WEB 1.0, 2.0, 3.0
A LOOK AHEAD
NOTES AND REFERENCES
FURTHER READING
Chapter 2: An Explanation of the Internet, Computers, and Data Mining
INTRODUCTION
PRIMER ON THE INTERNET
History
Nature of the Internet: Packet-Switched Network
End-to-End Principle and the “Stupid” Network
A More Technical View
Horizontal View: One Home’s LAN to the Backbone
Vertical View: Internet Protocol Suite
Internet Layer
Transport Layer
Application Layer
How the Layers Work Together: Packet Encapsulation
Numerical Addresses to Names: DNS
Putting It All Together
PRIMER ON COMPUTERS
Basic Elements of a Computer
Operating Systems
PRIMER ON DATA, DATABASES, AND DATA MINING
Data and Their Representation
Databases
Information Extraction or Data Mining
NOTES AND REFERENCES
FURTHER READING
Chapter 3: Norms and Markets
INTRODUCTION
NORMS DEFINED
The Examples
The Definition
Why People Conform to Norms
Ought or Self-Interest?
How Do Norms Get Started?
COORDINATION NORMS
Examples
Definition of a Coordination Norm
Conformity to Coordination Norms
Self-Perpetuating Inappropriate Norms
VALUE OPTIMAL NORMS
Justification and Optimality
Lack of Value Optimality: An Example
Why Does Value Optimality Matter?
A Terminological Point and an Example
We Are “Playing without a Helmet”
Inappropriate Norms versus No Norms
NORMS AND MARKETS
Detecting Norm Violations
Norm-Violation Detectors versus Norm-Inconsistent Sellers
Sellers’ Inability to Discriminate
The Profit-Maximizing Strategy
Perfect Competition
Perfect Competition or Close to It Will Force Sellers’ Compliance
NORMS AND GAME THEORY
Coordination Problems
Equilibria
Value Optimality
NOTES AND REFERENCES
FURTHER READING
Chapter 4: Informational Privacy: The General Theory
INTRODUCTION
PERSONALLY IDENTIFIABLE: A DISTINCTION WITHOUT (MUCH OF) A DIFFERENCE
THE REQUIREMENT OF FREE AND INFORMED CONSENT
PROBLEMS WITH NOTICE AND CHOICE
Notice and Choice Does Not Ensure Informed Consent
Notice and Choice Cannot Possibly Ensure Informed Consent
Notice and Choice Aims at the Wrong Target
INFORMATIONAL NORMS
Role-Appropriate Informational Norms as Coordination Norms
ENSURING FREE AND INFORMED CONSENT
Informed Consent
Free Consent
The Argument That Consent Is Not Free
Radin’s Requirements Almost Fulfilled
But What about Contracts?
THE IDEAL OF NORM COMPLETENESS
Two Ways to Fall Short
How Norms Can Cease to Be Value Optimal
NOTES AND REFERENCES
FURTHER READING
Chapter 5: Informational Privacy: Norms and Value Optimality
INTRODUCTION
DIRECT MARKETING: RETAILERS AS INFORMATION BROKERS
Retailers as Information Brokers
Role-Appropriate Information Processing Norms
Retailers as Information Brokers Norm
The Norm Is Not Value Optimal
An Objection
A Consequence
INFORMATION AGGREGATORS
The Current Norm and Its Problems
Beyond Lack of Control
THE HEALTH INSURANCE INDUSTRY
The Norm
The Health Insurance Norm Is Not Value Optimal
MORE EXAMPLES
Cookies
Cookies and Targeted Advertising
The Resort to the Illusion of Consent
Cloud Computing
Unresolved Questions and the Resort to Notice and Choice
Social Networking Sites
Blurring the Line
More Blurring of the Line
The Resort to Notice and Choice
COLLABORATE OR RESIST?
NOTES AND REFERENCES
FURTHER READING
Chapter 6: Software Vulnerabilities and the Low-Priced Software Norm
INTRODUCTION
WHAT BUYERS DEMAND
Vulnerability-Exacerbating Features of the Software Market
Negative Externality and Ways to Cure It
STRICT LIABILITY
NEGLIGENCE
Vulnerability-Reducing Practices for Software Development
Negligence Liability Will Not Lead to Adoption of Better Practices
Why Developers Must Know How Much to Invest in Reducing Vulnerabilities
Consequences of Not Knowing How Much to Invest in Vulnerability Reduction
PRODUCT LIABILITY FOR DEFECTIVE DESIGN
THE STATUTORY ALTERNATIVE
WE ARE TRAPPED AND ONLY LEGAL REGULATION WILL RELEASE US
THREE EXAMPLES OF VALUE OPTIMAL PRODUCT-RISK NORMS
The Fitness Norm
The Negligent Design/Manufacture Norm
The Best Loss-Avoider Norm
A Key Feature: Norm-Implemented Trade-offs
THE LOW-PRICED SOFTWARE NORM
Fitness, Negligent Design/Manufacture, and Best Loss Avoider
The Low-Priced Software Norm Is Not Value Optimal
WE NEED TO CREATE A VALUE OPTIMAL NORM—BUT WHAT SHOULD IT BE?
NOTES AND REFERENCES
FURTHER READING
Chapter 7: Software Vulnerabilities: Creating Best Practices
INTRODUCTION
BEST PRACTICES DEFINED
BEST PRACTICES FOR SOFTWARE DEVELOPMENT
“To Some Extent”: An Important Qualification
CREATING THE BEST PRACTICES SOFTWARE NORM
Defining Best Practices
Statutory and Regulatory Options for Defining Best Practices
Norm Creation in Ideal Markets
Real-World Markets: Lack of Market Power, No Barriers to Entry or Exit, and Zero Transaction Costs
Five out of Six
The Perfect Information Barrier
NORM CREATION IN REAL MARKETS
What Markets Should We Regulate?
Should We Worry about a “Lemons” Market?
UNAUTHORIZED ACCESS: BEYOND SOFTWARE VULNERABILITIES
NOTES AND REFERENCES
FURTHER READING
Chapter 8: Computers and Networks: Attack and Defense
INTRODUCTION
TYPES OF DOORS
Gates (Outermost Doors)
Doors into Our Computers
Unintended Doors
Zero-Day Attacks
The CIA Triad
ATTACKS ON AVAILABILITY
ATTACKING CONFIDENTIALITY: HANGING OUT IN THE NEIGHBORHOOD
Packet Sniffing
Session Hijacking
ATTACKS ON AUTHENTICATION
Password Cracking
ATTACKS ON INTEGRITY
Secret Doors
Unintended Doors: Software and Hardware Vulnerabilities
Unwanted Doors: Web Server Vulnerabilities
Doors We Are Tricked into Opening
MULTIPLYING, ELIMINATING, AND LOCKING DOORS
Multiplying Doors
Eliminating Doors
Locking Doors
POSTING GUARDS
Authentication
Firewalls
Intrusion Detection and Prevention Services
LOCKING AND GUARDING DOORS IS HARD AND WE DO A POOR JOB
Unlocked Doors We Don’t Know About
Doors We Don’t Realize We Should Lock
Limitations on Guards
SHOULD ISPS LOCK DOORS AND CHECK CREDENTIALS?
NOTES AND REFERENCES
FURTHER READING
Chapter 9: Malware, Norms, and ISPs
INTRODUCTION
A MALWARE DEFINITION
Malware and Lack of Consent
Don’t We Just Mean Illegal, or at Least Harmful?
Making “Especially Objectionable” More Precise
Are Tracking Cookies Malware?
THE MALWARE ZOO
Viruses and Worms
Trojans
Rootkits
Bots and Botnets
Spyware
The Latest Trend
WHY END-USER DEFENSES ARE SO WEAK
The Limits of Detection
Poor Use of Poor Tools
The ISP Alternative
THE “END-USER-LOCATED ANTIVIRUS” NORM
Importance of Network Neutrality
Home-User-Located Antimalware Defense Is Not Value Optimal
FIRE PREVENTION AND PUBLIC HEALTH
COMPARE MALWARE
IS BETTER PROTECTION WORTH VIOLATING NETWORK NEUTRALITY?
The Risk to Privacy
The Risk to Free Expression
THE VALUE OPTIMAL NORM SOLUTION
NOTES AND REFERENCES
FURTHER READING
Chapter 10: Malware: Creating a Best Practices Norm
INTRODUCTION
CURRENT BEST PRACTICES FOR ISP MALWARE DEFENSE
Sample Current Technical Best Practices
The Other Categories of ISP (Best?) Practices
Why Current Best Practices Are Not All That We Need
AN ADDITIONAL WRINKLE: THE DEFINITION OF MALWARE IS NOT FULLY SETTLED
DEFINING COMPREHENSIVE BEST PRACTICES
Definitional Issues
CREATING THE NORM
Norm Creation in Perfectly Competitive Markets
No Market Power, No Entry/Exit Barriers, and No Transaction Costs
The Perfect Knowledge Barrier
NORM CREATION IN REAL MARKETS
No Worry about Lemons Market
THE END-TO-END AND NETWORK NEUTRALITY PRINCIPLES
HAS OUR FOCUS BEEN TOO NARROW?
WAS OUR FOCUS TOO NARROW IN ANOTHER WAY?
NOTES AND REFERENCES
FURTHER READING
Chapter 11: Tracking, Contracting, and Behavioral Advertising
INTRODUCTION
BEHAVIORAL ADVERTISING AND THE ONLINE ADVERTISING ECOSYSTEM
HOW WEBSITES GAIN INFORMATION ABOUT YOU: STRAIGHTFORWARD METHODS
You Identify Yourself Using a Login ID
Websites Know Your IP Number
Cookies: A Deeper Dive into the Technology
Making a “Signature” out of Browser, OS, Fonts Installed, etc.
OTHER WAYS OF GETTING YOUR ONLINE INFORMATION
WHAT IS WRONG WITH BEHAVIORAL ADVERTISING?
Lack of Choice for Buyers
Acquiescence via Contract
Fixing What Is Broken
THE SECOND-ORDER CONTRACTUAL NORM
Compatibility
Are We Right?
HOW THE NORM ARISES IN IDEAL MARKETS
REAL MARKETS: HOW THE COORDINATION NORM ARISES
Buyers
Sellers
How Contracting Can Go Wrong
THE LACK OF CONSENT TO PAY-WITH-DATA EXCHANGES
NOTES AND REFERENCES
FURTHER READING
Chapter 12: From One-Sided Chicken to Value Optimal Norms
INTRODUCTION
CHICKEN WITH CARS
THE PAY-WITH-DATA GAME OF ONE-SIDED CHICKEN
Buyers’ Preferences
Sellers’ Preferences
One-Sided Chicken
Escaping One-Sided Chicken
NORM CREATION IN PERFECTLY COMPETITIVE MARKETS
Approximation to Perfect Competition in Pay-with-Data Exchanges
Approximation to Perfect Information in the Real World
NORM CREATION IN THE REAL MARKET
Buyers Will Use Blocking Technologies
Advertising Revenue Will Decline
Sellers Will Conform More Closely to Buyers’ Preferences
Norms? Yes. Value Optimal? Yes, but…
DOES FACEBOOK PLAY ONE-SIDED CHICKEN?
As Goes Facebook, So Goes Google?
DO-NOT-TRACK INITIATIVES
MORE “BUYER POWER” APPROACHES TO NORM GENERATION
Mobile Apps
Cloud Computing
Summary of Our Norm-Generation Strategies So Far
TWO VERSIONS OF THE BEST PRACTICES STATUTE APPROACH
PRISONER’S DILEMMA
Information Aggregators
A Classic Prisoner’s Dilemma
Prisoner’s Dilemma for Business Buyers
How Many Players Are in This Game Anyway?
Trust and Commitment
THE NEED FOR TRUST
Retailers as Information Brokers
Health Insurance
Employer Hiring
Beyond Buying and Selling
IF WE FAIL TO CREATE NORMS
THE BIG DATA FUTURE
APPENDIX: A GAME THEORETIC ANALYSIS OF FACEBOOK’S PRIVACY SETTINGS
NOTES AND REFERENCES
FURTHER READING