FIT5003 SOFTWARE SECURITY
www.monash.edu.au
Lecture 11 Ethics & Privacy
Outline
• cybercrime and computer crime
• intellectual property issues
• privacy
• ethical issues
LN12 Ethics 3
Cybercrime / Computer Crime
• “criminal activity in which computers or computer networks are a tool, a target, or a place of criminal activity”
• Categorizes computer crime based on computer’s role in the criminal activity:
– as target
– as storage device
– as communications tool
• more comprehensive categorization seen in Cybercrime Convention, Computer Crime Surveys
Law Enforcement Challenges
Intellectual Property
• intellectual property is defined as “any intangible asset that consists of human knowledge and ideas”.
Intellectual Property Infringement
• infringement is “the invasion of the rights secured by copyrights, trademarks, and patents”.
Copyright
• protects tangible or fixed expression of an idea but not the idea itself
• is automatically assigned when created
• may need to be registered in some countries
• exists when:
– proposed work is original
– creator has put original idea in concrete form
– e.g. literary works, musical works, dramatic works, pantomimes and choreographic works, pictorial, graphic, and sculptural works, motion pictures and other audiovisual works, sound recordings, architectural works, software-related works.
Copyright Rights ©
• copyright owner has these exclusive rights, protected against infringement:
– reproduction right
– modification right
– distribution right
– public-performance right
– public-display right
• Examples
– Literary, musical, dramatic, pictorial, motion pictures, audiovisual, sound recordings, software related works
Patents
• grant a property right to the inventor
– to exclude others from making, using, offering for sale, or selling the invention
• types:
– utility – any new and useful process, machine, article of manufacture, or composition of matter
– design – new, original, and ornamental design for an article of manufacture
– plant – discovers and asexually reproduces any distinct and new variety of plant
• e.g. RSA public-key cryptosystem patent
Trademarks
• a word, name, symbol, or device
– used in trade with goods
– indicate source of goods
– to distinguish them from goods of others
• trademark rights may be used to:
– prevent others from using a confusingly similar mark
– but not to prevent others from making the same goods or from selling the same goods or services under a clearly different mark
Intellectual Property Issues and Computer Security
• software programs
– protect using copyright, perhaps patent
• database content and arrangement
– protect using copyright
• digital content audio / video / media / web
– protect using copyright
• algorithms
– may be able to protect by patenting
Australian law
Intellectual property law
• Intellectual property is protected under the principle that the creator has the right to control and profit from their creation
• Businesses rely on intellectual property for competitive advantage
• In IT it covers copyright, software piracy, trademarking and patenting
Australian Copyright Act
• Australian copyright is governed by the Copyright Act 1968
• It protects the expression of ideas in all forms of artistic media
• Copyright protection is free and automatic in Australia.
• Copyright exceptions include research, study, criticism or review
• Copyright is infringed if the following occurs without express or implied permission:
– Material is printed from a website or bulletin board
– Pirated version of a movie, song or software is downloaded
– Material is saved from a website, bulletin board or email
Australian law: Computer Software and Software Piracy
• Owners of computer programs have rights to:
– Reproduce the program in material form
– Publish the program
– Make an adaptation of the program
– Communicate the program to the public
• Everyone else must purchase a license to obtain the same rights
• Software piracy involves copying software for distribution or resale to others without a license
• A patent is acknowledgement that a newly created piece of equipment, compound, technique or procedure is original
Privacy
• overlaps with computer security
• have dramatic increase in scale of information collected and stored
– motivated by law enforcement, national security, economic incentives
• but individuals increasingly aware of access and use of personal / private info
• concerns on extent of privacy compromise have seen a range of legal and technical approaches to reinforcing privacy rights
Australian Privacy Law
Privacy laws
• Privacy is protected by the Privacy Act 1988
• Deals with how government, business and health providers collect information from individuals and what they do with it
• Built around ten principles: collection, use and disclosure, data quality, data security, openness, access and correction, identifiers, anonymity, transborder data flows, sensitive information
Ethical Issues
• have many potential misuses / abuses of information and electronic communication that create privacy and security problems
• ethics:
– a system of moral principles relating benefits and harms of particular actions to rightness and wrongness of motives and ends of them
• ethical behavior here not unique
• but do have some unique considerations
– in scale of activities, in new types of entities
Ethical Issues Related to Computers and Info Systems
• some ethical issues from computer use:
– repositories and processors of information
– producers of new forms and types of assets
– instruments of acts
– symbols of intimidation and deception
• those who understand / exploit technology, and have access permission, have power over these
• issue is balancing professional responsibilities with ethical or moral responsibilities
Ethical Question Examples
• whistle-blower
– when professional ethical duty conflicts with loyalty to employer
– e.g. inadequately tested software product
– organizations and professional societies should provide alternative mechanisms
• potential conflict of interest
– e.g. consultant has financial interest in vendor which should be revealed to client
Codes of Conduct
• ethics not precise laws or sets of facts
• many areas may present ethical ambiguity
• many professional societies have ethical codes of conduct which can:
1. be a positive stimulus and instill confidence
2. be educational
3. provide a measure of support
4. be a means of deterrence and discipline
5. enhance the profession’s public image
Codes of Conduct
• see ACM, IEEE and AITP codes
• place their emphasis on responsibility of professionals to other people
• have some common themes:
– dignity and worth of other people
– personal integrity and honesty
– responsibility for work
– confidentiality of information
– public safety, health, and welfare
– participation in professional societies to improve standards of the profession
– the notion that public knowledge and access to technology is equivalent to social power
Ethics
• Australian Computer Society code of ethics extract
Further Reading
• Chapter 19 of the textbook: “Computer Security: Principles and Practice” by William Stallings & Lawrie Brown, 3rd edition, Prentice Hall, 2015
• Acknowledgement: part of the materials presented in the slides was developed with the help of Instructor’s Manual and other resources made available by the author of the textbook.