“Lecture 2”

Famous Data Mining Examples

• Marketplace: Households
• Internal Revenue Service Audits
• Syndrome Surveillance System

Marketplace: Households

• Lotus Development Corporation developed CD with

information on 120 million Americans along with a software
(cost $8 million)
• Planned to sell CD to small businesses that wanted to create
mailing lists based on various criteria, such as household
income
• More than 30,000 consumers complained to Lotus about
invasion of privacy (by letters, phone calls, e-mails)
• Lotus dropped plans to sell CD

Internal Revenue Service (IRS) Audits

• IRS uses computer matching and data mining to look for

possible income tax fraud
• Computer matching: matching tax form information with
information provided by employers, banks, etc.
• Data mining: searching through forms to detect those that
appear most likely to have errors resulting in underpayment
of taxes

Syndrome Surveillance System

• Created by New York City

• Analyzes more than 50,000 pieces of information
every day
• Looks for patterns that might indicate an
epidemic, or an environmental problem

Protecting Privacy

• Technology and Markets

- Privacy
- Enhancing technologies for consumers
- Encryption
- Business tools and policies for protecting personal data
• Laws and Regulations

Protecting Privacy Encryption (Cryptography)

• E-mail and data in Transit on the Internet can be

intercepted. Information sent to and from web-sites can
be intercepted. Wireless transmissions can be picked out
of the air.
Encryption: -
• Is the art and science of hiding data in plain sight
• Process of transforming a message in order to conceal
its meaning

Encryption generally includes a coding scheme, or cryptography

algorithm, and specific sequences of characters (e.g., digits or
letters), called a key, used by the algorithm.
Two types:
- Symmetric encryption
- Public-Key encryption

- Symmetric encryption
• Single key used to encrypt and decrypt a
message
• Both sender and receiver must have the key
• Problem: How does sender get key to receiver?
• If “bad guy” gets key, security is broken

2. Public-Key Encryption
• Until the past few decades, all encryption methods used
require both the sender and the recipient (receiver) to
know the key.
• In the 1970s, a revolution in cryptography occurred, so
Whitfield Diffie and Martin Hellman developed an
encryption scheme called public-key cryptography.

An example of asymmetric encryption

• Each person has two keys: public and private
• To send R a message, encrypt it with R’s public key
• R decrypts message with R’s private key
• No need to communicate keys
• Strong encryption: virtually impossible to figure out
private key, given public key
2. Public-Key Encryption (CONT...)

“Lecture 3”

Introduction
• Information collection, exchange, combination, and distribution
easier than ever

• More information access less privacy

• Trade-offs
- Privacy vs. desire for free expression
- Privacy vs. safety / security
Defining Privacy

• Privacy related to notion of access

• Access
- Physical proximity to a person
- Knowledge about a person
• Privacy is a “zone of inaccessibility”
• Privacy violations are an affront to human dignity
• Control of information about oneself

Terminology

• Invisible information gathering: Collection of personal

information about someone without the person’s
knowledge
• Secondary use: Use of personal information for a purpose other
than the one it was
provided for
• Data mining: Searching and analyzing to find patterns or
relationships in one or more
databases and develop (generate) new information or
knowledge

• Computer matching:
comparing information from different databases (using
social security number, for example, to match records)
• Computer profiling:
analyzing data in computer files to determine
characteristics of people most likely to engage in certain
behavior

Principles for Data Collection and Use

• Informed consent
• Opt-in and opt-out policies
-Opt-in: consumer must explicitly give permission
for the organization to share info
-Opt-out: consumer must explicitly forbid an
organization from sharing info
• Fair Information Principles (or Practices)
• Data retention

Diverse Privacy Topics

Location Tracking:
• Global Positioning Systems (GPS): computer or
communication
services that know exactly where a person is at a particular
time

• Cell phones and other devices are used for location

tracking

Stolen and Lost Data:

• Hackers

• Physical theft (laptops, thumb-drives, etc.)

• Requesting information under false pretenses
• Bribery of employees who have access

Disclosing Information:
• Public Records: records available to general public
(bankruptcy, census records, salaries of government
employees, etc)
• Personal information: undisclosed information
• Types of disclosures

- Voluntary , Involuntary , Statutory

• Identity theft can arise when public records are accessed

Identity Theft:
• Identity theft: misuse of another person’s identity to
take actions permitted the owner
• Credit card fraud is #1 type of identity theft
• Ease of opening accounts contributes to problem
• In USA, 10 million victims in 2004 alone with average
loss: $5,000

“Lecture 4”

Hacking

•Hacking: currently defined as to gain illegal or unauthorized

access to a file, computer, or network.
• What does the term “Hacker”mean?

- Means an irresponsible, destructive criminal

- They intentionally release computer viruses
-They steal sensitive personal, business, and government
information
- They steal money, crash Web-sites, destroy files, and disrupt
businesses

• The term has changed over time

• Phase 1:early 1960s to 1970s (the joy of programming)

- It was a positive term
-A "hacker" was a creative programmer who wrote elegant or
clever code

-Hackers created many of the first computer games and

operating systems
- A “hack”was an especially clever piece of code
Hacking

• Phase 2: from the 1970s to the mid-1990s

- Hacking took on negative connotations
- Breaking into computers for which the hacker does not have
authorized access

- Still primarily individuals

-Includes the spreading of computer worms and viruses and
“phone phreaking”
- Companies began using hackers to analyze and improve security

•Phase 3: beginning with the mid-1990s (the growth of the

Web)
- The growth of the Web changed hacking; viruses and worms
could be spread rapidly

- Denial-of-service (DoS)attacks used to shut down Web-sites

- Large scale theft of personal and financial information

Examples of Illegal (hacker-related) Activities

• Accessing without authorization any computer connected to the

Internet (even
if no files are examined, changed, or copied)
• Transmitting code (such as a virus or worm) that causes damage to a
computer
system
• Transmitting classified government information
• Trafficking in computer passwords
• Intercepting a telephone conversation, email, or any other data
transmission
• Accessing stored email messages without authorization
• Adopting another identity to carry out an illegal activity

Catching and Punishing Hackers

• Methods for Catching Hackers

- Law enforcement agents employ people who are well informed about
technical aspects of hacking and the hacker culture.
- Agents and security professionals read hacker newsletters and
participate in online discussions (chat rooms) of hacking,
undercover, and maintain logs of chat channels used by hackers.
- Security professionals set up “honey pots”

, which are Web-sites that

attract hackers, so that they can record and study everything a
hacker does at the site.

• Penalties for Hackers

- Many young hackers have matured and gone on to productive and
responsible careers
-Sentences for hacking, as for other crimes, depend on the person’s
intent, the
person’s age, and the damage done
- InUSA, maximum penalty: 20 years in prison +$250,000 fine
- Most young hackers receive probation, community service, and/or
fines
- Not until 2000 did a young hacker receive time in juvenile detention

• Responsibility for Security

- There are many parallels between security issues for preventing crime
and security issues for protecting privacy.
-System developers and administrators have a responsibility to develop
with security as a goal. They must stay up to date about new risks and
new security measures, which is an essential goal and a professional
responsibility.
-Businesses have a responsibility to use security tools and monitor their
systems to prevent attacks from succeeding.

“Lecture 5”

The Digital Divide

❑ The term digital divide refers to the fact that some groups of people
have
access to modern information technology (and regularly use it), while
others do not.
❑ The concept of digital divide became popular in the mid-1990s with
emergence of World Wide Web.
❑ The digital divide refers to the disparity in Internet access between
more
industrialized and less industrialized nations.
❑ The social divide refers to the difference in access between the rich
and
poor within a particular country.

Evidence of the Digital Divide

1. Global Divide:
❑ There is plenty of evidence of the global divide. One evidence is the
percentage of people with internet access, as shown in next figure.
❑ In 2006 about 1.1 billion people, representing about 17% of the
world’s population, had access to the Internet.
❑ Only about 5% of the population had Internet access in Africa in
2006 (1 out of every 20 persons).

What is hampering Internet development in less technologically

developed country?
1. Often there is little wealth.
2. Many of these countries have an inadequate telecommunications
infrastructure.
3. The primary language is not English.
4. Literacy is low, and education is inadequate.
5. The country’s culture may not make participating in the Information
Age a priority.

2. Social Divide:
❑ Even within wealthy countries, the extent to which people
use the Internet varies widely according to age, wealth,
and educational achievement

Models of Technological Diffusion

New technologies are usually expensive. Hence the first people to

adopt new technologies are those who are better off. As the
technology matures, its price drops dramatically, enabling more
people to acquire it. Eventually the price of the technology
becomes low enough that it becomes available to nearly everyone.
❑ Technological Diffusion: refers to the rate at which a new
technology is assimilated into a society.
❑ We divide society into three groups
-Group A: people with highest socioeconomic status
-Group B: people with middle socioeconomic status
-Group C: people with lowest socioeconomic status

There are two different theories predict how a new technology is

acquired by people in a society, based on their socioeconomic status.
❑ Normalization model: In this model, Group A begins to adopt the
technology first, followed by Group B, and finally Group C. Eventually,
at some point nearly everyone in all three groups is using the new
technology (A use = B use = C use).
❑ Stratification model: In this model, the order of adoption is the same.
The eventual number of people in Group C who adopt the technology is
lower than the number of adoptees in Group A. The percentage of
people in Group B who adopt the technology is somewhere between
the levels of the other two groups A and C (A use > B use > C use
forever).

“Lecture 6”

Health Issues

Several possible health problems are associated with manufacture and

use of computers.
They include: -
- Radiation from computer terminals
- Possible link between mobile phone use and cancer - Disposal of old
computers (because of potentially toxic parts)
- Wrist problems (repetitive strain injury) from frequently use of
computer keyboards and other automated systems (such as
supermarket check-out scanners).

Potential Solutions

• Technical
- Ergonomic design of keyboards and workstations
- Some laptop computer makers redesigned the machines to
include a wrist rest
• Managerial
- Show of concern to the problem
- Corporation will suffer due to injuries, lost work time, and
surgeries increased
• Educational
- As computer users, have some responsibility for learning good
keyboard work habits, proper keyboard techniques and the need
for rest breaks