Phase 3: Security and Privacy on the Internet
Discussion: the problems surrounding E-commerce such as security and privacy.
WWW Security and Privacy may not be affirmed; Fears are certainly valid
By Patrick Darnell
The Buyer and the Seller: Visiting Shops and Buying
Purveyors of sales and services opening up transactions between strangers worldwide walk the latest strip mall most visited today on the New Avenue of the World, our Internet. The release of personal information, in order to complete the transactions via the Internet, is equally new, and the theft of information and products is the newest form of crimes.
In order to gain access to many websites or in order to purchase online, consumers are often required to give personal information, such as their mother's maiden name, credit card number, date of birth, address, and social security numbers.
http://www.isoc.org/internet/standards/papers/amr-on-standards.shtml
Make Acquaintance with the unwanted Third Party
The Buyer and Seller are naturally most willing to insure safe, steady Internet transactions, because it is in each best interest to do so. Problems in the transaction loop arise when a third party gets involved in the personal business. Third parties are the focus of any discussion of Security, and Privacy, on the Internet Highway.
“Thieves also have a desire to open new accounts, start spending money, and take over this new identity with new purchasing options and money privileges, in which they may have been denied using his/her real name. For example, some thieves may have bad credit and be unable to take out loans but they can do this with another’s identity, and others may be very successful in life but still commit the crime just because of the thrill it brings them!
With the advent of the internet, identity theft has become an efficient, profitable business; perpetrators have easier and faster access to confidential information around the world.”
http://www.isoc.org/internet/standards/papers/amr-on-standards.shtml , keywords: Information Standards
What, Where, Who is the Hacker?
Until a memo was issued to gain field information, the government had been able to keep up with the industries of telecommunications and telephony. Bandwidth was easily identified until the 1970’s when the Internet became a reality. From the very beginning, people found ways to disrupt the Internet, and did so with ease.
Hackers have been able to access information by entering the website's "back door,” the secret way into a website that allows the hacker access to the website's confidential administrative files. Additionally, industrious hackers and identity thieves have created programs, called "worms", which enter the website from an infected disk or through email and silently sneak around the server or database, and send back confidential information to its host. Often these worms go undetected for several hours or days, giving the worm ample time to not only send out information, but also spread to other systems through email or attached to documents.
http://www.isoc.org/internet/standards/papers/amr-on-standards.shtml
The government must arrest, and provide due process, to the hacker who does harm to the public. Public Interest, and a common desire by the public to pursue the privilege of using the Internet, puts government in the middle of transactions, to secure the unwanted third party criminal element.
The Internet allows the thief to be most subtle in his confiscation. There is no breaking and entering, no brutality, and no destruction of property, as in regular burglary. The only hope in annulling the usurper is in depriving him of other’s property.
The Government is Third Party Incognito
Does the government, as third party, watch over the business of the Internet? Traditionally, no, because if it did it, would be the most repressive security/privacy measure, slowing traffic to a crawl. The government provides standards and practices, and maybe, a ruling body, to decide the outcome of complaints. But to better understand the workings of the government is a foolhardy task at best. It is wise to consider the Government as not involved.
“Today's Standards Making Architecture.. The architecture of standards-making organizations in the telecommunication and information fields has undergone fundamental change over the past decade. The old architecture was simple and well bounded around a handful of bodies with explicit international, regional, national, and subject matter jurisdictions. These standards-making bodies were virtual sovereign, following slow, deliberate, time-honored processes that remained essentially unchanged for the preceding 130 years since the first multilateral telecom standards conference, and engaged legions of standards professionals whose careers often began and ended in a single committee.”
..Internet commerce factors have produced a very different ‘standards making architecture.’ Today, direct government involvement in picking winners and losers is likely to be the kiss of death for the unlucky recipient. With few exceptions, every direct governmental intrusion into the standards marketplace over the past decade has had major adverse consequences. On the other hand, minimal government involvement, designed primarily to foster research, collaboration and technology transfer among developers and rapid dissemination of standards, appear to work well.
http://www.isoc.org/internet/standards/papers/amr-on-standards.shtml
Your PC Operating Software is another Third Party
Your PC is loaded today with protocols that allow the user to set his own standards for the travail upon the Internet. Some of these give a sliding scale of preference, yet each setting presents a degree of risk. In fact, the very implementation of the protocols suggests the conspicuous outcome, of piracy, on the Internet.
Please note that the higher the setting for your own PC, the less effective you become as a traveler does.
Microsoft defines Security as:
§ High- The safest way to browse, the least functional.. Less secure features are disabled.. Appropriate for sites that might have harmful content.
§ Medium- Safe browsing and still functional.. Prompts before downloading potentially unsafe content.. Unsigned ActiveX controls will not be downloaded.. Appropriate fort most Internet sites
§ Medium low- Same as above Medium with no prompts
§ Low- Minimal safeguards and warning prompts are provided.. Most content is downloaded and run without prompts.. All active content can run.. Appropriate for sites that you absolutely trust.
And, Microsoft defines Privacy as follows:
§ Block All Cookies- Cookies from all Web Sites are blocked.. and any Web sites cannot read Existing cookies on your PC.
§ High, Medium High, Medium, Medium Low, etc.:
§ Accept All Cookies- Blocks third party cookies that do not have a compact privacy policy.
§ Blocks third-party cookies that use personal information without explicit consent
§ Blocks first-party cookies that use personal information without implicit consent.
Other Third Parties Involved
Internet Crime Watch groups may be around as vigilantes, but the advocate would argue the third party vigilante is only secure if bonded to the task by error, and omission policy. The vigilante might turn out to be the scapegoat, or worse the criminal.
“In a world of heterogeneous, voluntary standards making bodies, no organization has a right to claim its standards are more legitimate or legally binding or even "preeminent" than those produced by any others, including individual corporations that have obtained adoption of their standards in an open marketplace. The ISO, for example, is a private, not a treaty organization. Even the ITU-T (which is an international body under a public intergovernmental organization) does not produce legally binding standards. Indeed, at decades of formal international conferences, great care has been taken to assure that standards remain purely voluntary-on a par with all other organizations.”
http://www.isoc.org/internet/standards/papers/amr-on-standards.shtml
Motive
To summarize criminal aptitude, apply a working definition to “The Internet Identity Thief:” the authorized user of the Internet, who uses the Internet, to wrongfully obtain and procure another person’s personal data without the person’s knowledge or consent. The only motive that fits is greed and acquisitiveness that drives internet identity thieves, whose only cares seem to be about satisfying own personal needs. These are not new motives, rather, well documented in the history of humankind. The Internet Byway, is the common link to the epidemic in piracy of non-secure identities.
“The instant, anonymous, and worldwide reach of the Internet allows identity thieves to thrive and hide more efficiently. Web merchants, financial service companies, and internet customer’s real-time internet transactions are expanding and the Internet has become a real time saver for criminals who can instantly find and use others passwords, banking information, social security numbers, or credit card numbers, without having to show any photo ID or signature, which is difficult to do over the Net. The FBI calls internet identity theft one of the fastest growing global crimes of fraud and deception, while the Federal Trade Commission states that an average 500,000 to 700,000 Americans become internet identity theft victims each year!”
http://www.isoc.org/internet/standards/papers/amr-on-standards.shtml , keywords: Information Standards,
Epidemic: Neither Wire, nor Wireless, nor Fiber-optic?
It is uncanny, relatively middle-class, self-preserving patrons traverse the WWW, putting personal lives at stake to make business transactions. The author Elias M. Awad, E Commerce, from Vision to Fulfillment, criticizes the events of Identity piracy as hard to understand. The author is saying it is not wise to drive the Internet without some first, practice, and self-defense training And, he is not speaking of the traditional types of training.
“Cost savings, opportunism, and threat drive action and innovation in even the most conservative companies. .. however, ..shortage of e-literate people in the workplace continues, 9 out of 10 respondents in a survey published in Computerworld, said ‘only a few’ of their key managers have e-commerce skills, Internet experience, and foresight. Sixty-six percent also said they are having a tough time attracting people wanting to take advantage of online opportunities. Finally, traditional organizational structures and cultures were found to inhibit progress in e-commerce.”
pp18-19author Elias M. Awad, E Commerce, from Vision to Fulfillment.
The Promise of Equity
The frontiers of the Internet have lead many to new horizons, yet only to exacerbate and ruin their pioneering spirit. Some ethics and syllogisms not yet defined are balefully being applied with unwarranted abuse at the very moment. This abuse yet to be realized foretells of a future with clogs, not blogs; serendipity, not authenticity; and manipulators, instead of benefactors. Woe is the way in free enterprise. Blood, sweat and tears, is spilled in the advent of new systems and products. Warning systems work only if the public works at it.
The Internet Society lists the various publications in its website, covering all phases of the E-commerce tangle. People have spent their entire career in the work of proving the words they write in the cause of logic, ethic, and moral issues. The Internet must interest them, because WWW as a tool could fulfill the cause of equity among all humans, and humankind activities.
“IAB Statement of Policy the Internet is a national facility whose utility is largely a consequence of its wide availability and accessibility. Irresponsible use of this critical resource poses an enormous threat to its continued availability to the technical community. The U.S. Government sponsors of this system have a fiduciary responsibility to the public to allocate government resources wisely and effectively. Justification for the support of this system suffers when highly disruptive abuses occur. Access to and use of the Internet is a privilege and should be treated as such by all users of this system.
Ethics and the Internet Request for Comments: 1087 Network Working Group, Internet Activities Board January 1989 IAB policy statement concerning the proper use of the resources of the Internet. [2 pages]
How Much does it Cost?
The money trail puts the cost of security out of reach for the individual. The recent realizations by international corporations, suggest that even they don’t have the resources to pay for the epidemic of Internet crime. The costs for the security needed, exceeds the ability to pay for it. It was recently reported in the News. There is a push to spread the cost of security out among the participants. What will the percentages be to each?
“Such security, however, may be extremely expensive and may be counterproductive if it inhibits the free flow of information which makes the Internet so valuable. In the final analysis, the health and well-being of the Internet is the responsibility of its users who must, uniformly, guard against abuses which disrupt the system and threaten its long-term viability.” Ibid. Ethics and the Internet
Request for Comments: 1087 Network Working Group, Internet Activities Board January 1989
SUMMARY
Our questions have no answers, and ultimately raise more questions.
Is there really a breach in privacy and security of the Individual? Yes. Security issues recurrently, have serious impact on e-commerce. Does MSN OS founder Gates have an anwer? No, he is providing a purveyor of transaction, MSN, while trying to strangle the beast at the same time.
Whether hooked up via the various forms of wireless, hot link, smart line, or landline, the Internet is not safe to ride. If the traveler is in a rush, his increased need for speed will cause a mishap. If the second party is unwilling to protect his information the activity is game for the criminal to become third party in the activity.
Is it normal for the consumer to take all the risk in a transaction? Historically, it seems so. It is a huge risk the public is willing to take, the divulging of personal information, for the privilege of trekking the WWW, is leading to an epidemic of theft, by thieves of identity. Their motives are avarice, sabotage, and greed.
Increased use of the Internet will make Privacy and the ethics of transaction, a colossal test on the security of a system. The Internet is hampered every few years by constant release of new technology.
Warranty, and damage claims, and conformity to standards, as put out by Industry Groups, may be self-serving, and used in error, for globalization of parts, services, and products. In the end, it is the unseen Government, who has to deal with the complaints, abuse, and disruption of the Internet.
Percent of ID theft on the Internet rises exponentially as the number of users’ increases. Will Security and Privacy on the Internet ever be suitable? If Web-Site self-policing is radical, comprehensive and integral, then the journey in cyberspace may be less discouraging. The responsibility will have to be shouldered by the entire WWW population. For a trustworthy, loyal, helpful Internet to thrive worldwide, in an ideal environment, it must be self-policed. However, there always will be inconclusive evidence that the Internet is secure or not, due to the negating nature of newer technology arriving daily.
The last twenty years have been an expensive collective learning experience about "bottom up" versus "top down" initiatives. Top down initiatives is characterized by grand telecommunication and information infrastructure standards programmed begun through traditional international organizations. In these organizations, long-term concepts and plans are developed after years of deliberation and then pursued and implemented at regional, national, and local levels. This process can sometimes take decades. Meanwhile, the real revolutions in the telecommunication and information fields have occurred from the bottom up. Personal computers and workstations, local area networks, cost-oriented leased lines, routers, network operating systems, the Internet, and other capabilities have empowered individuals and organizations to develop their own infrastructures, and control their own information destiny.
http://www.isoc.org/internet/standards/papers/amr-on-standards.shtml
Captures
Additional Notes Captured from useful Websites: Other Sources to Peruse, which protrude beyond the scope of this discussion.
1.One common aspect with all on-line businesses is personal information stored for use of repeat shoppers. The storage of information can save histories of their purchases and can eliminate steps of entering data each time the customer comes back to the site. The hackers look for loopholes in different ISPs to gain necessary information they are looking for. Internet sites not only leave information available each time someone visits a site, but they also sell this information to whoever will buy it. Here is a list of items that are common among web sites:
· web sites may freely gather as much personal data as desirable from consumers.
· web sites need not ask permission to gather personal data.
· web sites need not inform consumers of their data gathering practices.
· web sites may use personal data in any manner they prefer, such as selling or licensing it to third parties.
· web sites need not allow consumers access to their data.
web sites need not provide security for personal data in their possession.
7 . Winn Schwartau, Cyber Shock: Surviving Hackers, Phreakers, Identity Thieves, Internet Terrorists, and Weapons of Mass Disruption. 88-95. New York : Thunder Mountain Press, 2000.
8 . Steven A. Hetcher, The Emergence of web site Privacy Norms . 7 Mich. Telecomm. Tech. L. Rev. 99 (2000)
2. Why is it that companies leave such personal data online for others to buy and use? The main reason is that these early web sites used personal data for the interests of the web site industry. They reflect the fact that most web sites, neither legal nor social pressure to respect the data privacy of the visitors to their sites. There was no legal pressure because there were no laws against the practice of selling personal information and there was little social pressure because most people had little or no awareness that these practices were taking place. Personal information is not owned and at this time is not unlawful to collect without consent. This data has become very valuable to companies, the hackers, and anyone who sees value in it. Take for example the value cards you use at your local grocery store. These grocers make you use the card to get their sale prices while at the same time keeping track of everything you buy and where you buy it. The same is done on the Internet. Every time you sign on to a site, buy an item, or just browse unknowingly you leave a mark you have been there. If you have bought anything, you probably left personal information along with your credit card number, address, and whatever were required of you to make the purchase.
http://gsulaw.gsu.edu/lawand/papers/fa02/schaefer/#Introduction
3. “Protocol: “Protocols.com offers a comprehensive listing of data communications protocols, their functions in respect to the OSI model, the structure of the protocol and various errors and parameters.” http://www.picosearch.com/cgi-bin/ts.pl
“ISO International Standards Organization protocols defined by IEEE; complete sevenlayer protocol conforming to the OSI networking model.
ISOIP ISO Internetworking Protocol, includes built-in error signalling to aid in routing management.
ISOSP ISO Session Protocol, specifies procedures for a single protocol for the transfer of data and control information from one session entity to a peer session entity.”
Site Security Handbook Request for Comments: 1244 Network Working Group July 1991This handbook is a combined effort of the Security Area and User Services Area of the Internet Engineering Task Force (IETF). It is a guide to setting computer security policies and procedures for sites that have systems on the Internet; it lists issues and factors that a site must consider when setting their own policies. [101 pages]
Guidelines for Management of IP Address Space Request for Comments: 1466 Network Working Group May 1993 The document does not represent a standards, but only recommendations on management of the IP address space. Following topics are covered: (1) Qualifications for Distributed Regional Registries 2) Allocation of the Network Number Space by the Internet Registry 3) Assignment of the Network Numbers. [9 pages]
END.
Moo Pig Wisdom is a brilliant combination of Antiquity and Prequel Modern Flea Market. We respectfully ask you to mind your children while here.
Subscribe to:
Post Comments (Atom)
Blog Archive
SUNDAY :: bishop FM 105.9 Auckland
DISCLAIMER
: It is PROHIBITED by law to use our service or the information it provides to make decisions about consumer credit, employment, insurance, tenant screening, or for any other purpose subject to the Fair Credit Reporting Act, 15 USC 1681 et seq. MooPig Wisdom does not provide consumer reports and is not a consumer reporting agency. The information available on our website may not be 100% accurate, complete, or up to date, so do not use this information as a substitute for your own due diligence, especially if you have concerns about a person’s criminal history. MooPig Wisdom does not make any representation or warranty about the accuracy of the information available through our website or about the character or integrity of the person about whom you inquire. So dip your balls in turpentine and get rid of your own fleas before calling me out.
Ask Someone Who Cares -- SUCH AS SUCH MULCH
To report any abusive, obscene, defamatory, racist,
homophobic or threatening comments, or anything that may violate any applicable laws, please click --ask_someone_who cares -- ASWC to report with pertinent details.
Anyone posting such material will be immediately mesquitte blackened over a very hot pit fire down at C and J's BBQ on Harvey-Elmo-Weedon Road, and permanently removed from all servers, its IP
owner will be locked in a small room with back issues of The ECONOMIST, and one scratchy re-mix 8-track tape of Steely Dan's first album...
IP addresses might be recorded to aid us in enforcing these conditions, that is if we cared.
Email MooPigster Customers' Alert
http://www.youtube.com/watch?v=CywR3ouHKP4
If you receive this post via email, you notice it is mostly 'blank'.
We at MooPig Surmise, that at this point, one either says:
If you receive this post via email, you notice it is mostly 'blank'.
We at MooPig Surmise, that at this point, one either says:
"WOW, I'm off the hook, and don't have to pay any attention to that pesky MooPig STUFF!!"-- OR --
"Hey, where is it ...?"The answer is: "IT IS A youTUBE presentation"... and you will now click on the http above to go see this modern miracle of technology.
MooPig Wisdom is Your Life-Line to Parody:
24\7 -- We accept all Calls from Contestants
MPW Unique Value Proposition, UVP
Shards of Evidence ... Opinion and Editorial ... We Blunderbuss indigestible Ersatz of Readers' and Writers' ... Explain Strategies of quasi-firms... and some not so quasi ... 110% Proof
One Only Advertisement Only One
Publisher of Satire ... Enemy to Bombast ... Very Swank ... More Fun to Write than to Read
Shards of Evidence ... Opinion and Editorial ... We Blunderbuss indigestible Ersatz of Readers' and Writers' ... Explain Strategies of quasi-firms... and some not so quasi ... 110% Proof
One Only Advertisement Only One
Publisher of Satire ... Enemy to Bombast ... Very Swank ... More Fun to Write than to Read
MooPig Wisdom is online to provide spring board for writers.
MooPig is the Writers' Writer that encourages voice, content, and style. PD
MooPig is the Writers' Writer that encourages voice, content, and style. PD
No comments:
Post a Comment