UNAUTHORIZED ACCESS ––––––––––––––––––––––––––––––––––––––––––––––––– The Crisis in Online Privacy and Security UNAUTHORIZED ACCESS ––––––––––––––––––––––––––––––––––––––––––––––––– The Crisis in Online Privacy and Security Robert H. Sloan • Richard Warner Boca Raton London New York CRC Press is an imprint of the Taylor & Francis Group, an informa business A CHAPMAN & HALL BOOK CRC Press Taylor & Francis Group 6000 Broken Sound Parkway NW, Suite 300 Boca Raton, FL 33487-2742 First issued in hardback 2017 © 2014 by Taylor & Francis Group, LLC CRC Press is an imprint of Taylor & Francis Group, an Informa business No claim to original U.S. Government works ISBN: 978-1-4398-3013-0 (pbk) ISBN: 978-1-138-43692-3 (hbk) This book contains information obtained from authentic and highly regarded sources. Reasonable efforts have been made to publish reliable data and information, but the author and publisher cannot assume responsibility for the validity of all materials or the consequences of their use. The authors and publishers have attempted to trace the copyright holders of all material reproduced in this publication and apologize to copyright holders if permission to publish in this form has not been obtained. If any copyright material has not been acknowledged please write and let us know so we may rectify in any future reprint. The Open Access version of this book, available at www.taylorfrancis.com, has been made available under a Creative Commons Attribution-Non Commercial-No Derivatives 4.0 license. Trademark Notice: Product or corporate names may be trademarks or registered trademarks, and are used only for identification and explanation without intent to infringe. Library of Congress Cataloging-in-Publication Data Sloan, Robert H. Unauthorized access : the crisis in online privacy and security / Robert H. Sloan and Richard Warner. pages cm Includes bibliographical references and index. ISBN 978-1-4398-3013-0 (alk. paper) 1. Internet--Moral and ethical aspects. 2. Privacy, Right of. 3. Computer security. 4. Data protection. I. Warner, Richard, 1946- II. Title. TK5105.878.S59 2013 323.4’302854678--dc23 2013003387 Visit the Taylor & Francis Web site at http://www.taylorandfrancis.com and the CRC Press Web site at http://www.crcpress.com Contents at a Glance Preface, xix Acknowledgments, xxi Authors, xxiii CHAPTER 1 ◾ Introduction 1 CHAPTER 2 ◾ An Explanation of the Internet, Computers, and Data Mining 13 CHAPTER 3 ◾ Norms and Markets 53 CHAPTER 4 ◾ Informational Privacy: The General Theory 75 CHAPTER 5 ◾ Informational Privacy: Norms and Value Optimality 95 CHAPTER 6 ◾ Software Vulnerabilities and the Low-Priced Software Norm 125 CHAPTER 7 ◾ Software Vulnerabilities: Creating Best Practices 157 CHAPTER 8 ◾ Computers and Networks: Attack and Defense 181 CHAPTER 9 ◾ Malware, Norms, and ISPs 221 v vi ◾ Contents at a Glance CHAPTER 10 ◾ Malware: Creating a Best Practices Norm 251 CHAPTER 11 ◾ Tracking, Contracting, and Behavioral Advertising 273 CHAPTER 12 ◾ From One-Sided Chicken to Value Optimal Norms 303 INDEX, 355 Contents Preface, xix Acknowledgments, xxi Authors, xxiii CHAPTER 1 ◾ Introduction 1 INTRODUCTION 1 THE GOOD, THE BAD, AND THE IN BETWEEN 2 The Good 2 The Bad 2 The In Between 3 MAKING TRADE-OFFS 4 VALUES 7 Profit-Motive-Driven Businesses 8 POLITICS 9 TODAY AND TOMORROW: WEB 1.0, 2.0, 3.0 10 A LOOK AHEAD 11 NOTES AND REFERENCES 11 FURTHER READING 12 CHAPTER 2 ◾ An Explanation of the Internet, Computers, and Data Mining 13 INTRODUCTION 13 PRIMER ON THE INTERNET 13 History 15 vii viii ◾ Contents Nature of the Internet: Packet-Switched Network 17 End-to-End Principle and the “Stupid” Network 19 A More Technical View 22 Horizontal View: One Home’s LAN to the Backbone 22 Vertical View: Internet Protocol Suite 24 Internet Layer 25 Transport Layer 26 Application Layer 28 How the Layers Work Together: Packet Encapsulation 28 Numerical Addresses to Names: DNS 30 Putting It All Together 30 PRIMER ON COMPUTERS 31 Basic Elements of a Computer 33 Operating Systems 38 PRIMER ON DATA, DATABASES, AND DATA MINING 40 Data and Their Representation 40 Databases 43 Information Extraction or Data Mining 43 NOTES AND REFERENCES 48 FURTHER READING 49 CHAPTER 3 ◾ Norms and Markets 53 INTRODUCTION 53 NORMS DEFINED 53 The Examples 53 The Definition 54 Why People Conform to Norms 54 Ought or Self-Interest? 55 How Do Norms Get Started? 55 COORDINATION NORMS 56 Examples 56 Definition of a Coordination Norm 58 Contents ◾ ix Conformity to Coordination Norms 58 Self-Perpetuating Inappropriate Norms 59 VALUE OPTIMAL NORMS 59 Justification and Optimality 59 Lack of Value Optimality: An Example 60 Why Does Value Optimality Matter? 61 A Terminological Point and an Example 61 We Are “Playing without a Helmet” 61 Inappropriate Norms versus No Norms 62 NORMS AND MARKETS 63 Detecting Norm Violations 64 Norm-Violation Detectors versus Norm-Inconsistent Sellers 65 Sellers’ Inability to Discriminate 65 The Profit-Maximizing Strategy 65 Perfect Competition 66 Perfect Competition or Close to It Will Force Sellers’ Compliance 67 NORMS AND GAME THEORY 67 Coordination Problems 68 Equilibria 70 Value Optimality 71 NOTES AND REFERENCES 72 FURTHER READING 73 CHAPTER 4 ◾ Informational Privacy: The General Theory 75 INTRODUCTION 75 PERSONALLY IDENTIFIABLE: A DISTINCTION WITHOUT (MUCH OF) A DIFFERENCE 76 THE REQUIREMENT OF FREE AND INFORMED CONSENT 78 PROBLEMS WITH NOTICE AND CHOICE 79 Notice and Choice Does Not Ensure Informed Consent 80 Notice and Choice Cannot Possibly Ensure Informed Consent 80 Notice and Choice Aims at the Wrong Target 81 x ◾ Contents INFORMATIONAL NORMS 82 Role-Appropriate Informational Norms as Coordination Norms 84 ENSURING FREE AND INFORMED CONSENT 86 Informed Consent 86 Free Consent 87 The Argument That Consent Is Not Free 87 Radin’s Requirements Almost Fulfilled 88 But What about Contracts? 89 THE IDEAL OF NORM COMPLETENESS 89 Two Ways to Fall Short 90 How Norms Can Cease to Be Value Optimal 90 NOTES AND REFERENCES 91 FURTHER READING 92 CHAPTER 5 ◾ Informational Privacy: Norms and Value Optimality 95 INTRODUCTION 95 DIRECT MARKETING: RETAILERS AS INFORMATION BROKERS 96 Retailers as Information Brokers 97 Role-Appropriate Information Processing Norms 98 Retailers as Information Brokers Norm 99 The Norm Is Not Value Optimal 100 An Objection 101 A Consequence 102 INFORMATION AGGREGATORS 103 The Current Norm and Its Problems 106 Beyond Lack of Control 107 THE HEALTH INSURANCE INDUSTRY 107 The Norm 108 The Health Insurance Norm Is Not Value Optimal 109 Contents ◾ xi MORE EXAMPLES 109 Cookies 110 Cookies and Targeted Advertising 111 The Resort to the Illusion of Consent 112 Cloud Computing 113 Unresolved Questions and the Resort to Notice and Choice 115 Social Networking Sites 115 Blurring the Line 117 More Blurring of the Line 118 The Resort to Notice and Choice 119 COLLABORATE OR RESIST? 119 NOTES AND REFERENCES 120 FURTHER READING 122 CHAPTER 6 ◾ Software Vulnerabilities and the Low-Priced Software Norm 125 INTRODUCTION 125 WHAT BUYERS DEMAND 126 Vulnerability-Exacerbating Features of the Software Market 127 Negative Externality and Ways to Cure It 129 STRICT LIABILITY 130 NEGLIGENCE 132 Vulnerability-Reducing Practices for Software Development 134 Negligence Liability Will Not Lead to Adoption of Better Practices 135 Why Developers Must Know How Much to Invest in Reducing Vulnerabilities 137 Consequences of Not Knowing How Much to Invest in Vulnerability Reduction 137 PRODUCT LIABILITY FOR DEFECTIVE DESIGN 138 THE STATUTORY ALTERNATIVE 139 WE ARE TRAPPED AND ONLY LEGAL REGULATION WILL RELEASE US 139 xii ◾ Contents THREE EXAMPLES OF VALUE OPTIMAL PRODUCT-RISK NORMS 141 The Fitness Norm 141 The Negligent Design/Manufacture Norm 142 The Best Loss-Avoider Norm 145 A Key Feature: Norm-Implemented Trade-offs 145 THE LOW-PRICED SOFTWARE NORM 146 Fitness, Negligent Design/Manufacture, and Best Loss Avoider 147 The Low-Priced Software Norm Is Not Value Optimal 149 WE NEED TO CREATE A VALUE OPTIMAL NORM—BUT WHAT SHOULD IT BE? 150 NOTES AND REFERENCES 151 FURTHER READING 152 CHAPTER 7 ◾ Software Vulnerabilities: Creating Best Practices 157 INTRODUCTION 157 BEST PRACTICES DEFINED 157 BEST PRACTICES FOR SOFTWARE DEVELOPMENT 160 “To Some Extent”: An Important Qualification 161 CREATING THE BEST PRACTICES SOFTWARE NORM 162 Defining Best Practices 165 Statutory and Regulatory Options for Defining Best Practices 166 Norm Creation in Ideal Markets 168 Real-World Markets: Lack of Market Power, No Barriers to Entry or Exit, and Zero Transaction Costs 169 Five out of Six 170 The Perfect Information Barrier 170 NORM CREATION IN REAL MARKETS 171 What Markets Should We Regulate? 173 Should We Worry about a “Lemons” Market? 175 Contents ◾ xiii UNAUTHORIZED ACCESS: BEYOND SOFTWARE VULNERABILITIES 177 NOTES AND REFERENCES 177 FURTHER READING 178 CHAPTER 8 ◾ Computers and Networks: Attack and Defense 181 INTRODUCTION 181 TYPES OF DOORS 182 Gates (Outermost Doors) 183 Doors into Our Computers 184 Unintended Doors 185 Zero-Day Attacks 186 The CIA Triad 186 ATTACKS ON AVAILABILITY 187 ATTACKING CONFIDENTIALITY: HANGING OUT IN THE NEIGHBORHOOD 189 Packet Sniffing 190 Session Hijacking 191 ATTACKS ON AUTHENTICATION 192 Password Cracking 193 ATTACKS ON INTEGRITY 194 Secret Doors 194 Unintended Doors: Software and Hardware Vulnerabilities 195 Unwanted Doors: Web Server Vulnerabilities 196 Doors We Are Tricked into Opening 201 MULTIPLYING, ELIMINATING, AND LOCKING DOORS 206 Multiplying Doors 207 Eliminating Doors 207 Locking Doors 208 POSTING GUARDS 209 Authentication 210 Firewalls
Details
-
File Typepdf
-
Upload Time-
-
Content LanguagesEnglish
-
Upload UserAnonymous/Not logged-in
-
File Pages399 Page
-
File Size-